The GENI Architecture is composed of two fundamental pieces, each seeking to address different issues:

• Network Architecture: How can we establish topologies of computation and network resources in an isolated deeply programmable context?
• Federation Architecture: How can we establish trust among broad sets of users and contributors of independently owned and operated resources?

The essentials of network architecture are described <*>. This page describes the foundations of federation architecture.

GENI is composed of a broad set of heterogeneous resources, each owned and operated by different entities. They wish these entities to participate in GENI and allow these resources to be made available to researches. But they want to maintain a degree of control and trust that these resources will be used in a responsible and secure manner. In addition to these resource owners, GENI has a broad community of experimenters and researchers who wish to build topologies from these resources on which to perform reseach and experimentation.

The question of trust becomes critical for establishing this exchange of resources. There are simply too many resource providers and potential customers to allow everyone to know everyone and approve of every resource-related translation.

What is needed is a trusted third party who can vouch for the proper operations of resources (for the experimenters) and for the credentials of the experimenters (for the resource owners). This trusted third party is the GENI Federation. It establishes common notions of identity, authentication, authorization and accountability to allow all participations in the GENI federation to enter into resource exchange in a trusted manner.

Resource owners and experimenters and federations are real people or groups: GENI establishes software services to represent their interests in these transactions.

The following figure shows these real-world entities and their virtual representatives in the GENI Federation Architecture.