151 | | ''Description to be provided.'' |
| 157 | Organizers: [mailto:Stephen.Schwab@cobham.com Steve Schwab], Jay Jacobs, Alefiya Hussain (Cobham Analytic Solutions); John Wroclawski, Ted Faber (USC/ISI) |
| 158 | |
| 159 | This workshop will review and discuss Attribute-Based Access Control (ABAC) concepts, principles of operation, and software implementation as related to current and on-going work in GENI. There will be an overview session to review the semantics and logical underpinnings of the seminal ABAC work on trust negotiation, and other sessions to cover: |
| 160 | |
| 161 | * A demonstration and tutorial on the internals of the current ABAC software implementation, in particular focusing on calling conventions and interfaces. This tutorial should assist other projects interested in exploiting ABAC for authorization or access control within their implementation and control framework. |
| 162 | |
| 163 | * A session or moderated panel on the architecture of distributed authorization and trust policies for GENI clearinghouses, control frameworks, substrates and [aggregate] component managers. This session will cover issues related to how GENI entities and campuses hosting GENI deployments should structure trust relationships and authorization policies to support federation amongst themselves as well as with federations extending beyond the GENI-sphere. |
| 164 | |
| 165 | * A session on how particular distributed authorization and trust policies can be rendered using the primitive mechanisms available within ABAC, as well as the potential to leverage other widely deployed federated authorization management systems such as Shibboleth/InCommon. Additionally, questions surrounding what sorts of high-level tools are needed for users and administrators to effectively manage authorization and trust relationships will be discussed. |