Changes between Version 2 and Version 3 of GeniIdentityAndAttributes


Ignore:
Timestamp:
04/11/11 16:39:09 (8 years ago)
Author:
tmitchel@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GeniIdentityAndAttributes

    v2 v3  
    33GENI requires a way of positively identifying experimenters and granting them access to tools and resources. Current control frameworks either maintain their own database of users or explicitly outsource this task to an identity provider. In addition to identifying experimenters, GENI needs information about attributes like institutional affiliation, project role, etc.
    44
    5 [wiki:GEC10IdentityAndAttributes GEC10 meeting]
     5== GEC10 Authorization Engineering Meeting ==
     6
     7At GEC10 there was an [wiki:GEC10IdentityAndAttributes identity and attributes engineering meeting] which discussed a proposal by Ken Klingenstein (Internet2) and Tom Mitchell (BBN) to incorporate external identity providers in GENI. Specifically, an !InCommon compatible GENI portal was proposed to allow new GENI experimenters to authenticate using their own institutional accounts. The meeting also discussed standardizing a set of identity attributes required for resource manipulation within GENI. Jeff Chase (Duke, ORCA) and Rob Ricci (Utah, Emulab/ProtoGENI) gave their perspectives on the proposal based on their experience as GENI control framework developers.
     8
     9== Community Agreement ==
     10 * Add external identity providers to GENI
     11 * GPO should build a prototype !InCommon compatible GENI portal / slice authority
     12 * Agree on an initial set of required identity attributes
     13  * Name
     14  * Institution
     15  * Affiliation
     16  * Email address
     17  * Phone number
     18
     19== Next Steps ==
     20 * GPO will build a prototype portal / slice authority that accepts !InCommon logons and produces slice credentials
     21  * Build a portal
     22  * Become an !InCommon service provider
     23  * Work with a few test institutions to get desired attributes from their identity providers
     24  * Federate with a few GENI Aggregates
     25 * Demonstrate this portal at GEC11
     26  * Pending group evaluation, expand this portal to other institutions and aggregates
     27
     28== Getting Involved ==
     29If you have questions or comments on the status of the authorization work, please email the GENI developers list (dev at geni.net) or Tom Mitchell (tmitchell at bbn.com).