Changes between Version 4 and Version 5 of GEMINI_TopicsIssuesTasks


Ignore:
Timestamp:
04/04/12 19:09:32 (7 years ago)
Author:
Jeanne Ohren
Comment:

Cleaned up some formatting

Legend:

Unmodified
Added
Removed
Modified
  • GEMINI_TopicsIssuesTasks

    v4 v5  
    1111== 1)  Discussion of authentication and authorization:  multiple actor options: ==
    1212
    13 a)  tool (outside slice) to AggMgr srvc;  AM API;  XMl-RPC + ssl   [protoGENI cert + GENI credential]
     13a)  tool (outside slice) to !AggMgr srvc;  AM API;  XMl-RPC + ssl   [protoGENI cert + GENI credential]
    1414
    1515b)  tool (outside slice) to host (Slice A);  ssh, scp    [private/public keys]
     
    4444d)  ABAC  [Harry:  GPO believes that ABAC may eventually be used for resource assignment, but not soon]  [What code is available from ISI?  Jim is checking with Teb Faber;  waiting for a response]
    4545
    46         ABAC references:
    47         Deter web site: http://abac.deterlab.net/
    48         Authorization storyboard from Jeff Chase:  http://groups.geni.net/geni/wiki/AuthStoryBoard
    49         Slides on credential store from Jeff Chase:  http://groups.geni.net/geni/attachment/wiki/AuthStoryBoard/certstore.ppt
    50         Slides on future of authorization in GENI from Tom Mitchell:  http://groups.geni.net/geni/attachment/wiki/GEC13Agenda/Authorization/AuthFuture.pdf  [note options without and with credential store]
    51         Summary of GENI authorization discussion at GEC13 (and before):  http://groups.geni.net/geni/wiki/GeniAuthorization 
     46        ABAC references: [[BR]]
     47        Deter web site: http://abac.deterlab.net/ [[BR]]
     48        Authorization storyboard from Jeff Chase:  http://groups.geni.net/geni/wiki/AuthStoryBoard [[BR]]
     49        Slides on credential store from Jeff Chase:  http://groups.geni.net/geni/attachment/wiki/AuthStoryBoard/certstore.ppt [[BR]]
     50        Slides on future of authorization in GENI from Tom Mitchell:  http://groups.geni.net/geni/attachment/wiki/GEC13Agenda/Authorization/AuthFuture.pdf  [note options without and with credential store] [[BR]]
     51        Summary of GENI authorization discussion at GEC13 (and before):  http://groups.geni.net/geni/wiki/GeniAuthorization  [[BR]]
    5252
    5353
     
    7272
    7373g')  New task:  **Review possible tunnel through ssh (or use fo ssh to forward http port), to reuse available ssh port mapping.  (who?)
    74        
    75 g'')  New task:  ** Review port mapping for http, like ssh, with protoGENI, to see how it might be done (Nasir/Jim)
    76        
    77 g''') New task:  **Review need within GENI/GPO to open ports, and implications for rspec  (Harry)
     74
     75g!'')  New task:  ** Review port mapping for http, like ssh, with protoGENI, to see how it might be done (Nasir/Jim)
     76
     77g!''') New task:  **Review need within GENI/GPO to open ports, and implications for rspec  (Harry)
    7878
    7979h)  Task:  what about vnc tunnels?  how were they done in INSTOOLS?   which port on host?  (who?)
     
    119119f)  Task:  What is required to secure keys/certificates/credentials?  passphrase?  other?  [Per Tom Mitchell, OMNI does not require passphrase, but FLACK does currently require passpharase]  [Per Jim protoGENI cert does require passphrase] [Vic to check with Steve Schwab;  need to balance security and ability ot use scripts.]
    120120
    121 g)  Start with CNRI:  Directory Archive (DA) service, which can push data to DOA service, using OI service
    122 Then replace DOA with iRODS
     121g)  Start with CNRI:  Directory Archive (DA) service, which can push data to DOA service, using OI service [[BR]]
     122Then replace DOA with iRODS [[BR]]
    123123[Have iRODS at IU for NetKarma;  Jim and Wesley talking with Ilia and Shu]
    124124
     
    127127i)  Task:  Need help with final formulation of MDOD   (Ezra?)
    128128
    129 j)  Task:  Define view of user workspace service (Jeannie, Matt, Harry, Jim, Martin, Niky) 
     129j)  Task:  Define view of user workspace service (Jeanne, Matt, Harry, Jim, Martin, Niky) 
    130130[Jeanne to add security policy into view]
    131131
     
    139139c)  Task:  understand options for authentication and authorization at a web interface.  (who?)
    140140
    141 d)  Task: provide a more complete view of GEMINI portal service   (Harry, jim and Charles)
    142 
    143 Task:  Jim and Charles plan to provide in a week or two.
    144        
    145 Task:  Charles needs to find a name for the service 
    146 
    147 After discussion on 3/31/12 with Jim, Harry feels that this is very close to Option 1:  "portal to UIs". 
    148        
    149 Jim expects User to have a capable browser, e.g., one that runs HTML-5
    150        
    151 Jim expects portal to manage windowing to various GUIs.
    152        
    153 Jim expect all interactions to be via browser, so there are window(s) to login to shell(s), etc.
     141d)  Task: provide a more complete view of GEMINI portal service   (Harry, jim and Charles) [[BR]]
     142
     143Task:  Jim and Charles plan to provide in a week or two. [[BR]]
     144       
     145Task:  Charles needs to find a name for the service   [[BR]]
     146
     147After discussion on 3/31/12 with Jim, Harry feels that this is very close to Option 1:  "portal to UIs".   [[BR]]
     148       
     149Jim expects User to have a capable browser, e.g., one that runs HTML-5 [[BR]]
     150       
     151Jim expects portal to manage windowing to various GUIs. [[BR]]
     152       
     153Jim expect all interactions to be via browser, so there are window(s) to login to shell(s), etc. [[BR]]
    154154       
    155155Jim does not specify whether browser is looking at GUI in slice, or a tool;  tools are not in a specified place.
    156156       
    157 Harry feels that portal and other tools are in a "user workspace",  in a persistent Linux environment, with file system, key/certificate/credential store, dedicated to the user;  could also have rspec store, etc. ;  then, all tools have ready access to required info, and can readily call one another.
    158        
    159 Harry thinks of "persistent Linux environment" on infrastructure, e.g., a server under your desk or in the lab;  not your laptop;  Jim agrees, and has thought portal would be hosted on infrastructure at Kentucky
    160        
    161 Harry feels that this is just a strucutre, that there is much more work to define tools, interfaces, etc.;  Jim agrees, was concerned it was the final configuration.
    162        
    163 Task:  Harry will modify drawing to reflect discussion with Jim, and then two perspectives can be compared.
    164 Done on 4/4;  agree thatprotal can be in user workspace, or somewhere else.
     157Harry feels that portal and other tools are in a "user workspace",  in a persistent Linux environment, with file system, key/certificate/credential store, dedicated to the user;  could also have rspec store, etc. ;  then, all tools have ready access to required info, and can readily call one another. [[BR]]
     158       
     159Harry thinks of "persistent Linux environment" on infrastructure, e.g., a server under your desk or in the lab;  not your laptop;  Jim agrees, and has thought portal would be hosted on infrastructure at Kentucky [[BR]]
     160       
     161Harry feels that this is just a strucutre, that there is much more work to define tools, interfaces, etc.;  Jim agrees, was concerned it was the final configuration. [[BR]]
     162       
     163Task:  Harry will modify drawing to reflect discussion with Jim, and then two perspectives can be compared. [[BR]]
     164Done on 4/4;  agree that portal can be in user workspace, or somewhere else. [[BR]]
    165165See updated drawing.
    166        
    167          
     166
    168167e)  Task:  Understand NICTA's iREEL portal service;  is this a more complete tool for managing I&M services?   
    169168
    170 Get login, and survey  (Jeanne)
    171        
    172 Provide more info (NICTA, e.g., Christoph)
     169  - Get login, and survey  (Jeanne)
     170       
     171  - Provide more info (NICTA, e.g., Christoph)
    173172
    174173
     
    178177a)  Use BLiPP to gather host metrics   (Guilherme)
    179178
    180 via libvirt?
    181        
    182 via Shinken?
    183 
    184 Talking to Dan about use cases for gathering host metrics. 
    185 
    186 Could still use SNMP daemon from INSTOOLS  (Jim)
    187 
    188 b)  BLiPP pushes to Measurement Store (MS)
    189 
    190 Use http?  POST to port?  what about authentication and authorization?
    191        
    192 Use XSP, for streaming?
     179  - via libvirt?
     180       
     181  - via Shinken?
     182
     183  - Talking to Dan about use cases for gathering host metrics. 
     184
     185  - Could still use SNMP daemon from INSTOOLS  (Jim)
     186
     187b)  BLiPP pushes to Measurement Store (MS) 
     188
     189  - Use http?  POST to port?  what about authentication and authorization?
     190       
     191  - Use XSP, for streaming?
    193192       
    194193c)  Need to realize MS
    195194
    196 How many options?
    197        
    198 One per Aggregate?
    199 
    200 d)  Need to realize MAP service
    201 
    202 Based on Periscope?
    203        
    204 Include druple form INSTOOLS>
    205        
    206 How is this integrated with MS?
    207        
    208 e)  Uses UNIS (new version)
    209        
    210 Uses RESTful interface, replaces older UNIS with SOAP interface
    211        
    212 Allows drawing topology
    213        
    214 Used to configure services?
    215        
    216 Prototype underway (Ahmed)
     195  - How many options?
     196       
     197  - One per Aggregate?
     198
     199d)  Need to realize MAP service 
     200
     201  - Based on Periscope?
     202       
     203  - Include druple from INSTOOLS?
     204       
     205  - How is this integrated with MS?
     206       
     207e)  Uses UNIS (new version) 
     208       
     209  - Uses RESTful interface, replaces older UNIS with SOAP interface
     210       
     211  - Allows drawing topology
     212       
     213  - Used to configure services?
     214       
     215  - Prototype underway (Ahmed)
    217216       
    218217**Concern:  incompatible with earlier UNIS, which will still be required (see 9) below.
     
    220219e)  Later:  Extend to gathering data from an application
    221220
    222 f)  Task:  Prototype soon  (Guilherme)
    223 
    224 Need baseline configuration ASAP
     221f)  Task:  Prototype soon  (Guilherme) 
     222
     223  - Need baseline configuration ASAP
    225224
    226225
     
    233232b)  Start with protoGENI tutorial?  LAMP tutorial?  INSTOOLS tutorial?
    234233
    235 c)  Arrange user workspace (GPO, Jeannie)
    236 
    237 d)  What is first configuration of tools (see below) ?  LAMP on VMs?  (who provides?)   test scripts?  (Jeannie)
    238 
    239 e)  What is second configuration of tools (see below)?  BLiPP to measurement store, with presentation?  (Guilherme?)  when?  test scripts?  (Jeannie)
     234c)  Arrange user workspace (GPO, Jeanne)
     235
     236d)  What is first configuration of tools (see below) ?  LAMP on VMs?  (who provides?)   test scripts?  (Jeanne)
     237
     238e)  What is second configuration of tools (see below)?  BLiPP to measurement store, with presentation?  (Guilherme?)  when?  test scripts?  (Jeanne)
    240239
    241240
     
    267266k)  Extension:  pull data from one slice to another, as shown in p15 from Operator A to Operator B;  authorize using GENI credentials
    268267
    269 k)  Provide regression tests of various configurations, features, etc., driven by scripts
    270 
    271 l)  Provide tutorial for users at GEC14.
     268l)  Provide regression tests of various configurations, features, etc., driven by scripts
     269
     270m)  Provide tutorial for users at GEC14.
    272271
    273272
     
    293292
    294293Good:  all relevant code appears to be here, including Kentuck code
    295        
     294
    296295b)  Jira
    297296
    298297Good:  being used by IU to track project
    299        
     298
    300299**Concern:  Kentucky effort not reflected here
    301300