Aaron Falk, GENI Project Office


Tues 3:30 - 5:30 pm


How will the GENI federation function? How will aggregates, identity providers, experimenters, and tools federate? Aaron Falk will present the GENI Project Office position on the roles, responsibilities, trust relationships and agreements that parties to GENI should abide by. Implications include new requirements for aggregates, and specific requirements for a GENI clearinghouse. (Joint with Campus and Software Track)

Meeting Report

In Spiral 3, the GPO launched an effort to better define and obtain buy-in on the notion and implications of federation in GENI. The GPO developed a presentation describing a federation approach and implementation that was reviewed individually with several community stakeholders (Rob Ricci, Univ. Utah; Larry Peterson, Princeton; Jeff Chase, Duke Univ.; Jon-Paul Herron, Indiana University; Adam Slagell, NCSA; and John Wroclawski & Ted Faber, USC/ISI) and thoroughly revised before a public review at GEC11. The objective was to define federation sufficiently that a) the functions of a clearinghouse could be derived and prototyped over the coming year and b) places where policies are needed could be identified and drafted.

Federation is defined as an organization or group within which smaller divisions have some degree of internal autonomy. The GENI federation is an NxM partnership of experimenters and aggregates that exists to make it easier for all to do research than would otherwise be possible. The federation works if all of its members benefit, and to achieve this it imposes requirements on federation members. (Note, however, that members only give away the local autonomy essential to making the federation work.) Aggregates will benefit from identity vetting, operational support, and assistance with forensics. Experimenters will benefit from access to new kinds of resources, unified authentication/authorization, resource discovery, help desk, stitching, and measurement infrastructure.

Creating incentives among the stakeholders allows us to derive design principles that can guide how federation should work in GENI. First, GENI should be attractive to experimenters. Experimenters should gain access to resources that would otherwise be difficult to acquire. Further, it should be easy for experimenters to use GENI. And the GENI Federation should be able to negotiate with other federations as a body, e.g., to exchange access to resources. Second, GENI should be attractive to aggregates. It should be easy for aggregates to join & participate, aggregates should retain autonomy, and federation should not be exclusive. And finally, funding agencies (e.g., NSF) should perceive that the benefits outweigh the risks. For example, accountability of actions is important; allocated resources should be associated with a responsible individual. It is necessary to give special attention to the security of resource allocation & the accountability trail (i.e., consider the risk of entity subversion).

Several concepts around federation governance were proposed as well. At its core, the GENI federation will consist of several entities all joined by a set of mutually beneficial agreements. Policies & agreements will be established by a GENI Oversight Group and this group will represent the interests of the members (& funders). Currently, oversight functions are provided by the GENI Project Office as a temporary arrangement while the federation comes into being. Later, oversight will be performed by a governing council. The GENI Clearinghouse, Meta-Operations Center, and other federation-sponsored functions operate under policies set by the GENI Oversight Group.

Of particular interest are the responsibilities of the GENI clearinghouse. Most of these responsibilities flow from making the Federation attractive (e.g., safe and accountable) to experimenters, resource providers and funders:

  • Authorize & register projects, issue project leader credentials
  • Operate a slice authority: endorse & register GENI slice credentials
  • Authorize & register aggregates, issue aggregate credentials
  • Operate services supporting federation-wide resource allocation limits (e.g., proxying aggregates & issuing RSpec endorsements) and record-keeping (e.g., robust transaction logs & parsing)
  • Provide an authoritative accountability trail of resource allocation
  • Keep up-to-date records for identities, projects, slices

While not required, the GENI Clearinghouse may also perform some (non-exclusive) functions that may also be performed elsewhere:

  • Operate an identity portal that can issue & manage GENI identity credentials
  • Operate non-exclusive services enabling discovery & stitching
  • Create slice credentials

For the most part, the community accepted the concept of federation, the need for certain policies, and the role of the Clearinghouse. There was some concern that the proposed mechanism for providing centralized vetting of resource allocations as a way of applying federation-wide limits required by policy would have difficulty scaling. Also, there was a request for more clarity in the requirements around federation-wide policy. Future work in this area will include drafting needed policy documents and implementing a prototype clearinghouse.

Last modified on 08/31/11 12:08:59
