Control Framework Working Group Meeting at GEC4
The 4th GENI Engineering Conference was held in Miami, FL from March 31 to April 2, 2009.
The Control Framework WG met on Wednesday, April 1, 3:30pm - 5:30pm.
Audio Clips
Audio Part 1 (MP3, 50MB)
Audio Part 2 (MP3, 53MB)
Meeting Minutes
- Welcome from WG co-chair: John Wroclawski
- RSpecs in GENI (60 min)
- Larry Peterson presented a set of proposed design principles and a suggested tactical approach.
- Slides: http://groups.geni.net/geni/attachment/wiki/GEC4CFWGAgenda/geni_rspec.pdf
- Larry presented these options discovered in the Cluster B meeting:
- Option 1) In the data structure (the RSpec approach). Tools help make simple things easy.
- Option 2) In the interface (the WSDL approach). Ask the aggregate for its capabilities, e.g., GetResources(Any) returns a list of capabilities, and additional calls. Make additional queries as needed.
- Really, no way to make complexity go away.
- Questions from floor, and discussion: [ ]
- Security architecture in GENI: (60 min)
- This overview was organized by Steve Schwab and John Wroclawski
- Security architecture document by Steve Schwab: GENI-SEC-ARCH-0.4
- Slides by Steve Schwab: http://groups.geni.net/geni/attachment/wiki/GEC4CFWGAgenda/GENISecurityArchitecture-GEC4-ss1.pdf
- Cluster B (PlanetLab) report by Larry Peterson:
- Planet lab follows the SFA, which uses credentials (certificates), that include privileges.
- A researcher can delegate privilege via a credential to another researcher.
- Security is expilicit; delegation is explicit; all through credentials.
- Cluster C (ProtoGENI) report by Robert Ricci: http://groups.geni.net/geni/attachment/wiki/GEC4CFWGAgenda/pgeni-security-gec4.pdf
- Cluster D (ORCA) report by Jeff Chase:
- ORCA uses actors, which have public key pairs; signed messages are passed between actors
- An actor runs on behalf of a particular identity.
- An actor can use shibboleth to identify an individual.
- Expect attribute based access control, e.g, in ORCA, can delegate privilege, and policy module signs ticket for particular user and a particular resource.
- ORCA currently using wss4j module to sign with keys, but has to pass certificates; perhaps move to SAML approach
- Cluster E (ORBIT) report by Max Ott: http://groups.geni.net/geni/attachment/wiki/GEC4CFWGAgenda/GEC4%20Orbit%20Security.pdf
- Cluster A (TIED) report by Ted Faber: http://groups.geni.net/geni/attachment/wiki/GEC4CFWGAgenda/Security_v2.pdf
- Questions from floor, and discussion: [ ]
Questions or comments should be sent to the WG Co-Chairs, the WG System Engineer, or to the WG mailing list:
Chairs: Larry Peterson, John Wroclawski
Working Group System Engineer: Harry Mussman
Send email to WG Mail List: WG Mail List
Last modified 15 years ago
Last modified on 07/21/09 13:08:49
Attachments (7)
-
geni_rspec.pdf (17.3 KB) - added by 16 years ago.
Larry Peterson slides from 4/1/09
-
GENISecurityArchitecture-GEC4-ss1.pdf (458.9 KB) - added by 16 years ago.
Steve Schwab slides from 4/1/09
-
pgeni-security-gec4.pdf (223.5 KB) - added by 16 years ago.
Robert Ricci slides from 4/1/09
-
GEC4 Orbit Security.pdf (32.2 KB) - added by 16 years ago.
Max Ott slides from 4/1/09
-
Security_v2.pdf (44.0 KB) - added by 16 years ago.
Ted Faber slides from 4/1/09
-
GEC4_ControlWG_1of2.mp3 (49.2 MB) - added by 15 years ago.
Control Framework Working Group Audio Part 1
-
GEC4_ControlWG_2of2.mp3 (53.3 MB) - added by 15 years ago.
Control Framework Working Group Audio Part 2