[[PageOutline]] = Authorization = == Schedule == Tuesday, 3:30pm - 5:00 pm == Session Leaders == Steve Schwab and Ted Faber, USC/ISI[[br]] Tom Mitchell, GENI Project Office == Description == GENI aggregates currently use signed XML credentials to make authorization decisions. At GEC10 we began a one year effort to evaluate ABAC assertions as a more flexible basis for GENI authorization. At this session, that one year is up. We will compare ABAC against the current credentials, and adopt a path forward for GENI. Then we will discuss implementing that decision. We will also review the status of integrating ABAC in existing control frameworks and aggregates. == Agenda == * Overview (Ted Faber/Steve Schwab) * Lightning Talks in favor of or opposed to ABAC: * Jeff Chase, Duke/ORCA * Rob Ricci, Utah/ProtoGENI * Tom Mitchell, BBN/GPO * Andy Bavier, Princeton/!PlanetLab * Ted Faber, ISI/ABAC * Open Discussion (All) * Vote / Consensus / Sense of the Room * Further steps based on outcome == Related Reading == * [wiki:GeniAuthorization Overview of the GENI Authorization discussion and past meeting summaries] * [wiki:AuthStoryBoard Authorization Storyboard] by Jeff Chase[[br]] ''A series of !PowerPoint "twitters" about GENI authorization in general, and a possible ABAC implementation.'' * [attachment:wiki:GEC11Authorization:geni-abac.pdf Authorization and Trust Structure in GENI: A Perspective on the Role of ABAC], a working paper by Jeff Chase