Changes between Version 2 and Version 3 of GeniClearinghouse


Timestamp:
02/24/12 15:28:38 (7 years ago)
Author:
mbrinn@bbn.com
Comment:

--

  • GeniClearinghouse

    v2 v3  
    2727The Clearinghouse provides a Credential Store that provides authorized read/write access to all credentials for all GENI-trusted entities. This store allows for federation or local authorization services or other policy decision or enforcement points to have access to the appropriate credentials without needing to carry or compute these at the time of each customer request. The Credential Store allows for mapping a known user certificate or other unique identifier to a list of signed credentials associated with that individual. By keeping authorization credentials separate from authentication certificates and by imposing short time outs on credentials, it is possible to modify credentials and have the effects of these modifications take effect in a  reliable and timely manner throughout the federation.
    2828
    29 '''Accountability Services.'' The Clearinghouse provides services that log transactions (successful or failed) between user tools and aggregates to support real-time and post-facto forensics analytics. By maintaining logs and databases of transaction callers and arguments, of projects and their slices and slivers, the GMOC can have critical timely trace back to find the identities of possibly misbehaving users or responsible project leads. They can then, depending on the situation, contact the project lead, shut down all or some slivers associated with a misbehaving aggregate or user or some combination thereof.
     29'''Accountability Services.''' The Clearinghouse provides services that log transactions (successful or failed) between user tools and aggregates to support real-time and post-facto forensics analytics. By maintaining logs and databases of transaction callers and arguments, of projects and their slices and slivers, the GMOC can have critical timely trace back to find the identities of possibly misbehaving users or responsible project leads. They can then, depending on the situation, contact the project lead, shut down all or some slivers associated with a misbehaving aggregate or user or some combination thereof.
    3030
    3131The Logging Service provided by the Clearinghouse fronts a store for writing and querying data associated with transactions, allowing for determining what entity made what requests and got what results.
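
Review bot: The revision comment is empty even though the only change on line 29 is the closing bold delimiter after "Accountability Services." going from '' to '''; a short comment such as "fix unbalanced bold markup" would make the page history readable. Since line 29 is being touched anyway, "They can then" could name the GMOC explicitly, and "shut down all or some slivers associated with a misbehaving aggregate or user or some combination thereof" would read more clearly as a short list of the available responses. The paragraph says the logs hold "transaction callers and arguments" but does not say who may query them; one sentence on that would fit here, next to the Logging Service description on line 31.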