Context Navigation

Changes between Version 4 and Version 5 of GEMINI_TopicsIssuesTasks

Timestamp:: 04/04/12 19:09:32 (12 years ago)
Author:: Jeanne Ohren
Comment:: Cleaned up some formatting

Legend:

: Unmodified
: Added
: Removed
: Modified

GEMINI_TopicsIssuesTasks

-                      v4
+                      v5
 == 1)  Discussion of authentication and authorization:  multiple actor options: ==
 a)  tool (outside slice) to AggMgr srvc;  AM API;  XMl-RPC + ssl   [protoGENI cert + GENI credential]
+a)  tool (outside slice) to !AggMgr srvc;  AM API;  XMl-RPC + ssl   [protoGENI cert + GENI credential]
 b)  tool (outside slice) to host (Slice A);  ssh, scp    [private/public keys]
 …
 d)  ABAC  [Harry:  GPO believes that ABAC may eventually be used for resource assignment, but not soon]  [What code is available from ISI?  Jim is checking with Teb Faber;  waiting for a response]
         ABAC references:
         Deter web site: http://abac.deterlab.net/
         Authorization storyboard from Jeff Chase:  http://groups.geni.net/geni/wiki/AuthStoryBoard
         Slides on credential store from Jeff Chase:  http://groups.geni.net/geni/attachment/wiki/AuthStoryBoard/certstore.ppt
         Slides on future of authorization in GENI from Tom Mitchell:  http://groups.geni.net/geni/attachment/wiki/GEC13Agenda/Authorization/AuthFuture.pdf  [note options without and with credential store]
         Summary of GENI authorization discussion at GEC13 (and before):  http://groups.geni.net/geni/wiki/GeniAuthorization
+        ABAC references: [[BR]]
+        Deter web site: http://abac.deterlab.net/ [[BR]]
+        Authorization storyboard from Jeff Chase:  http://groups.geni.net/geni/wiki/AuthStoryBoard [[BR]]
+        Slides on credential store from Jeff Chase:  http://groups.geni.net/geni/attachment/wiki/AuthStoryBoard/certstore.ppt [[BR]]
+        Slides on future of authorization in GENI from Tom Mitchell:  http://groups.geni.net/geni/attachment/wiki/GEC13Agenda/Authorization/AuthFuture.pdf  [note options without and with credential store] [[BR]]
+        Summary of GENI authorization discussion at GEC13 (and before):  http://groups.geni.net/geni/wiki/GeniAuthorization  [[BR]]
 …
 g')  New task:  **Review possible tunnel through ssh (or use fo ssh to forward http port), to reuse available ssh port mapping.  (who?)
 g'')  New task:  ** Review port mapping for http, like ssh, with protoGENI, to see how it might be done (Nasir/Jim)
 g''') New task:  **Review need within GENI/GPO to open ports, and implications for rspec  (Harry)
+g!'')  New task:  ** Review port mapping for http, like ssh, with protoGENI, to see how it might be done (Nasir/Jim)
+g!''') New task:  **Review need within GENI/GPO to open ports, and implications for rspec  (Harry)
 h)  Task:  what about vnc tunnels?  how were they done in INSTOOLS?   which port on host?  (who?)
 …
 f)  Task:  What is required to secure keys/certificates/credentials?  passphrase?  other?  [Per Tom Mitchell, OMNI does not require passphrase, but FLACK does currently require passpharase]  [Per Jim protoGENI cert does require passphrase] [Vic to check with Steve Schwab;  need to balance security and ability ot use scripts.]
 g)  Start with CNRI:  Directory Archive (DA) service, which can push data to DOA service, using OI service
 Then replace DOA with iRODS
+g)  Start with CNRI:  Directory Archive (DA) service, which can push data to DOA service, using OI service [[BR]]
+Then replace DOA with iRODS [[BR]]
 [Have iRODS at IU for NetKarma;  Jim and Wesley talking with Ilia and Shu]
 …
 i)  Task:  Need help with final formulation of MDOD   (Ezra?)
 j)  Task:  Define view of user workspace service (Jeannie, Matt, Harry, Jim, Martin, Niky)
+j)  Task:  Define view of user workspace service (Jeanne, Matt, Harry, Jim, Martin, Niky)
 [Jeanne to add security policy into view]
 …
 c)  Task:  understand options for authentication and authorization at a web interface.  (who?)
 d)  Task: provide a more complete view of GEMINI portal service   (Harry, jim and Charles)
 Task:  Jim and Charles plan to provide in a week or two.
 Task:  Charles needs to find a name for the service
 After discussion on 3/31/12 with Jim, Harry feels that this is very close to Option 1:  "portal to UIs".
 Jim expects User to have a capable browser, e.g., one that runs HTML-5
 Jim expects portal to manage windowing to various GUIs.
 Jim expect all interactions to be via browser, so there are window(s) to login to shell(s), etc.
+d)  Task: provide a more complete view of GEMINI portal service   (Harry, jim and Charles) [[BR]]
+Task:  Jim and Charles plan to provide in a week or two. [[BR]]
+Task:  Charles needs to find a name for the service   [[BR]]
+After discussion on 3/31/12 with Jim, Harry feels that this is very close to Option 1:  "portal to UIs".   [[BR]]
+Jim expects User to have a capable browser, e.g., one that runs HTML-5 [[BR]]
+Jim expects portal to manage windowing to various GUIs. [[BR]]
+Jim expect all interactions to be via browser, so there are window(s) to login to shell(s), etc. [[BR]]
 Jim does not specify whether browser is looking at GUI in slice, or a tool;  tools are not in a specified place.
 Harry feels that portal and other tools are in a "user workspace",  in a persistent Linux environment, with file system, key/certificate/credential store, dedicated to the user;  could also have rspec store, etc. ;  then, all tools have ready access to required info, and can readily call one another.
 Harry thinks of "persistent Linux environment" on infrastructure, e.g., a server under your desk or in the lab;  not your laptop;  Jim agrees, and has thought portal would be hosted on infrastructure at Kentucky
 Harry feels that this is just a strucutre, that there is much more work to define tools, interfaces, etc.;  Jim agrees, was concerned it was the final configuration.
 Task:  Harry will modify drawing to reflect discussion with Jim, and then two perspectives can be compared.
 Done on 4/4;  agree thatprotal can be in user workspace, or somewhere else.
+Harry feels that portal and other tools are in a "user workspace",  in a persistent Linux environment, with file system, key/certificate/credential store, dedicated to the user;  could also have rspec store, etc. ;  then, all tools have ready access to required info, and can readily call one another. [[BR]]
+Harry thinks of "persistent Linux environment" on infrastructure, e.g., a server under your desk or in the lab;  not your laptop;  Jim agrees, and has thought portal would be hosted on infrastructure at Kentucky [[BR]]
+Harry feels that this is just a strucutre, that there is much more work to define tools, interfaces, etc.;  Jim agrees, was concerned it was the final configuration. [[BR]]
+Task:  Harry will modify drawing to reflect discussion with Jim, and then two perspectives can be compared. [[BR]]
+Done on 4/4;  agree that portal can be in user workspace, or somewhere else. [[BR]]
 See updated drawing.
 e)  Task:  Understand NICTA's iREEL portal service;  is this a more complete tool for managing I&M services?
 Get login, and survey  (Jeanne)
 Provide more info (NICTA, e.g., Christoph)
+  - Get login, and survey  (Jeanne)
+  - Provide more info (NICTA, e.g., Christoph)
 …
 a)  Use BLiPP to gather host metrics   (Guilherme)
 via libvirt?
 via Shinken?
 Talking to Dan about use cases for gathering host metrics.
 Could still use SNMP daemon from INSTOOLS  (Jim)
 b)  BLiPP pushes to Measurement Store (MS)
+Use http?  POST to port?  what about authentication and authorization?
 Use XSP, for streaming?
+  - via libvirt?
+  - via Shinken?
+  - Talking to Dan about use cases for gathering host metrics.
+  - Could still use SNMP daemon from INSTOOLS  (Jim)
+b)  BLiPP pushes to Measurement Store (MS)
+  - Use http?  POST to port?  what about authentication and authorization?
+  - Use XSP, for streaming?
 c)  Need to realize MS
+How many options?
 One per Aggregate?
 d)  Need to realize MAP service
+Based on Periscope?
+Include druple form INSTOOLS>
 How is this integrated with MS?
 e)  Uses UNIS (new version)
+Uses RESTful interface, replaces older UNIS with SOAP interface
+Allows drawing topology
+Used to configure services?
+Prototype underway (Ahmed)
+  - How many options?
+  - One per Aggregate?
+d)  Need to realize MAP service
+  - Based on Periscope?
+  - Include druple from INSTOOLS?
+  - How is this integrated with MS?
+e)  Uses UNIS (new version)
+  - Uses RESTful interface, replaces older UNIS with SOAP interface
+  - Allows drawing topology
+  - Used to configure services?
+  - Prototype underway (Ahmed)
 **Concern:  incompatible with earlier UNIS, which will still be required (see 9) below.
 …
 e)  Later:  Extend to gathering data from an application
 f)  Task:  Prototype soon  (Guilherme)
 Need baseline configuration ASAP
+f)  Task:  Prototype soon  (Guilherme)
+  - Need baseline configuration ASAP
 …
 b)  Start with protoGENI tutorial?  LAMP tutorial?  INSTOOLS tutorial?
 c)  Arrange user workspace (GPO, Jeannie)
 d)  What is first configuration of tools (see below) ?  LAMP on VMs?  (who provides?)   test scripts?  (Jeannie)
 e)  What is second configuration of tools (see below)?  BLiPP to measurement store, with presentation?  (Guilherme?)  when?  test scripts?  (Jeannie)
+c)  Arrange user workspace (GPO, Jeanne)
+d)  What is first configuration of tools (see below) ?  LAMP on VMs?  (who provides?)   test scripts?  (Jeanne)
+e)  What is second configuration of tools (see below)?  BLiPP to measurement store, with presentation?  (Guilherme?)  when?  test scripts?  (Jeanne)
 …
 k)  Extension:  pull data from one slice to another, as shown in p15 from Operator A to Operator B;  authorize using GENI credentials
 k)  Provide regression tests of various configurations, features, etc., driven by scripts
 l)  Provide tutorial for users at GEC14.
+l)  Provide regression tests of various configurations, features, etc., driven by scripts
+m)  Provide tutorial for users at GEC14.
 …
 Good:  all relevant code appears to be here, including Kentuck code
 b)  Jira
 Good:  being used by IU to track project
 **Concern:  Kentucky effort not reflected here