wiki:LEFA-QSR-Sept2010

Version 1 (modified by Vic Thomas, 8 years ago) (diff)

--

LEFA Project Status Report Period: July 2010 –Sept 2010

I. Major accomplishments.

Demonstrated the use of identity federation and enterprise group control to manage many aspects of ORCA at GEC8.

A. Milestones achieved.

Established a proof of concept that federated identity and group access controls can manage GENI experiments.

B. Deliverables made.

The demo at GEC8 illustrated not only the use of federated identity but also the use of groups for access control. Worked with the Cobham group and introduced them to COmanage and the issues and approaches to attribute creation at the enterprise and at the cluster/experiment level. The federation knot paper continues to draw comments.

II. Description of work performed during last quarter

A. Activities and findings

  • Worked with ORCA and central IT staff at Duke to implement Shibboleth/Grouper environment and to integrate Shibboleth with the ORCA portal.
  • Developed demo showing authentication at the home campus and use of group memberships within CoManange to manage permissions at the GENI portal.
  • Worked with TIED deployer to integrate Shibboleth with their attribute-based access control libraries.
  • Held ongoing discussions with GPO on identity management and access issues.
  • Delivered demo at GEC8.

B. Project participants

Ken Klingenstein (Internet2), Principal Investigator: project direction, federation analysis, white paper development, participant in GENI CF discussions, liaison with Steve Schwab of Cobham and service as project liaison to the GPO.

Steven Carmody (Brown University), Senior IT Architect at Brown University and Project Manager of Internet2's Shibboleth Project: focus on engagement with ORCA and Planetlab on technical issues.

C. Publications (individual and organizational)

D. Outreach activities

E. Collaborations

ORCA control framework. TIED project for Linking Attributes to policy engines for access control. Cobham integrated.

F. Other Contributions

Has provided GPO with advice on identity management activities in other venues, including government.