wiki:GEMINI_WeeklyMinutes/04.05.2012

Version 1 (modified by Jeanne Ohren, 12 years ago) (diff)

--

Present: Harry, Jeanne, Hussam, Jim, Guilherme, Martin, Vic

ABAC:

Jim got code from Ted Faber. Looking through it. Looking at example code. ABAC is not currently implemented (at ISI?) as a service.

This needs to be done. Ted thinks this should be trivial. Looks like (via papers) ORCA has implemented as a server (ORCA Pod?) with RESTful interface.

Jim contacted Jeff Chase to get code. Making some progress, still some unknowns.

Martin: Thinks we perhaps can use UNIS for source of constraints or reference (URL) to constraints. Use libabac to prove the chain of assertions.

All agree that we should have a central location for rules.

Guilherme: Don’t want the rules to be exposed.

Is the proving done at the service or at the authenticating application?

Harry suggests drawing up a proposal for using ABAC. Jim: Jim and Martin to discuss, learn more, and come up with a proposal.

Gush:

What does Gush provide vs. Flack? Why would user use Gush?

Working with VMs. According to Vic, Jeannie A. says Gush will work with anything that allows SSH.

Jeanne O. has experienced some issues with VMs in Gush. Investigate further.

Issues with hostnames? Need to investigate this further.

Harry: Suggest Jeanne talk with Luisa about Gush information. She has worked with it a lot.

Jim asks Martin: How does Gush integrate with UNIS?

Discussion of using UNIS to store/access information about the slices for the experiment rather than passing around rspecs.

How do we keep this UNIS information up-to-date?

Guilherme suggests things that are outside of slice introspection, user needs to push to UNIS.

What types of changes can we make to the slice in Gush/Omni/other that I&M and others need to discover from UNIS?

Things to investigate regarding Gush (Jeanne will report next week):

  1. Tridentcom paper says gush has ability to add and remove nodes from a slice. How is this done? Under what circumstances does this work?

[GENI AM API does not support updateSliver]

  1. How does Gush work with protogeni VMs?

UNIS:

Old UNIS --> New UNIS: What is the transition plan?

Both can run in parallel until full functionality is available with new UNIS. Then turn down old UNIS.

Local vs. global UNIS hierarchy: Will new UNIS have local and global configuration? Yes, probably not by GEC14.