GENI Clearinghouse and Portal


Tuesday, 1:30 pm - 3:30pm

Session Leaders

Aaron Helsinger and Tom Mitchell, GENI Project Office

Agenda / Details

During this session, the GPO will discuss and demonstrate the prototype GENI Clearinghouse, and a web portal for experimenters to reserve GENI resources through the Clearinghouse. At GEC13, the GENI architects ratified the GENI software architecture. GENI resource reservations will be coordinated by a GENI Clearinghouse that contains multiple software components. This Clearinghouse will be the source for GENI accounts and credentials, when it goes live some time around GEC15. Experimenters will primarily interact with the Clearinghouse through a new web portal, which uses InCommon single sign on.

We will demonstrate the prototype portal and discuss future directions, integrating other experimenter tools, and solicit feedback.


  • Introducing the GENI Portal and Clearinghouse
  • GENI Portal Preview <---- DEMO!
  • Portal Architecture and Implementation
  • GENI Clearinghouse Vision
  • Clearinghouse Architecture and Implementation
  • Discussion and Questions

Session Summary:

At the session, Aaron and Tom demonstrated the GENI Portal and GENI Clearinghouse. The portal is a web tool for calling the new GENI Clearinghouse's open APIs, but which is also a recognized InCommon service provider. The portal is intended to be the first tool that GENI experimenters use, and so is being built to make it easy to get started with GENI. The Clearinghouse is the implementation of the GENI Software Architecture, built to enable trusted interactions in the GENI Federation. These systems are in development, and will be available for early adopters around GEC15.

There were a number of good questions raised during the session.

These systems do not currently use ABAC, but all authorization decisions are made based on assertions that in future could be represented using ABAC. The GENI authorization framework is and must be flexible. The portal is mostly just a tool, and others could write their own tools that talk to the Clearinghouse APIs (as well as the GENI Aggregate Manager API) - the only special piece of the portal is that it is a recognized InCommon service provider, enabling single sign on authentication.

For aggregates to work with the clearinghouse, they must simply trust another slice authority. GENI racks will trust the Clearinghouse. Other aggregates will likely also trust the Clearinghouse, but may also continue to trust other slice authorities.

The services of the clearinghouse are built to be distributed, supporting load balancing, etc. But we have not done this yet.

The portal caches experimenter authorization information for performance, using a short and tunable cache timeout.

Ken Klingenstein noted that we should make the portal and clearinghouse support collaboration tools, particularly based on groups.

Background Reading

Last modified 9 years ago Last modified on 07/11/12 11:26:38

Attachments (1)