Version 3 (modified by, 11 years ago) (diff)


Identity and Attributes

GENI requires a way of positively identifying experimenters and granting them access to tools and resources. Current control frameworks either maintain their own database of users or explicitly outsource this task to an identity provider. In addition to identifying experimenters, GENI needs information about attributes like institutional affiliation, project role, etc.

GEC10 Authorization Engineering Meeting

At GEC10 there was an identity and attributes engineering meeting which discussed a proposal by Ken Klingenstein (Internet2) and Tom Mitchell (BBN) to incorporate external identity providers in GENI. Specifically, an InCommon compatible GENI portal was proposed to allow new GENI experimenters to authenticate using their own institutional accounts. The meeting also discussed standardizing a set of identity attributes required for resource manipulation within GENI. Jeff Chase (Duke, ORCA) and Rob Ricci (Utah, Emulab/ProtoGENI) gave their perspectives on the proposal based on their experience as GENI control framework developers.

Community Agreement

  • Add external identity providers to GENI
  • GPO should build a prototype InCommon compatible GENI portal / slice authority
  • Agree on an initial set of required identity attributes
    • Name
    • Institution
    • Affiliation
    • Email address
    • Phone number

Next Steps

  • GPO will build a prototype portal / slice authority that accepts InCommon logons and produces slice credentials
    • Build a portal
    • Become an InCommon service provider
    • Work with a few test institutions to get desired attributes from their identity providers
    • Federate with a few GENI Aggregates
  • Demonstrate this portal at GEC11
    • Pending group evaluation, expand this portal to other institutions and aggregates

Getting Involved

If you have questions or comments on the status of the authorization work, please email the GENI developers list (dev at or Tom Mitchell (tmitchell at