
Version 16 (modified by kjk@internet2.edu, 13 years ago)


Project Number

1734

Project Title

Leveraging Emergent Federated Activities
a.k.a. LEFA

Technical Contacts

PI: Kenneth J. Klingenstein, Internet2 kjk@internet2.edu
Steven Carmody, Brown University Steven_Carmody@brown.edu

Participating Organizations

Internet2
Ann Arbor, MI

Brown University
Providence, RI

GPO Liaison System Engineer

Vic Thomas

Scope

The work will focus on enabling GENI for federated identity, developing options for supporting virtual organizations within the GENI community, brokering GENI's international requirements at the middleware layer, providing white papers on critical GENI topics in which the Internet2 middleware community has established expertise, requirements gathering for federated authentication/authorization and attribute aggregation across the GENI clusters, and on working closely with other peer proposals investigating related themes.

Current Capabilities

Milestones

LEFA: S2.a Federation technologies within ORCA
LEFA: S2.b Demo at GEC 7
LEFA: S2.c Begin PlanetLab Engagement
LEFA: S2.d White paper on the federation knot in GENI

LEFA: S3.a Identify clearinghouse to be moved into InCommon
LEFA: S3.b Workshop at GEC10
LEFA: S3.c Roadmap for clearinghouses joining InCommon
LEFA: S3.d Demonstration and outreach at GEC11
LEFA: S3.e Updated roadmap for clearinghouses joining InCommon

Project Technical Documents

LEFA Annual Review slides

Quarterly Status Reports

March 2010 Status Report

LEFA Project Status Report Period: April 2010 – June 2010

  1. Major accomplishments

Developed an approach to interacting with portal-based access controls in GENI.

  1. Milestones achieved

The federation knot paper continues to circulate. The distinctions and relationships between federated identity and federated control planes are being sharpened in the GENI community.

  1. Deliverables made

Setting up demo for GEC8.

  1. Description of work performed during last quarter
  1. Activities and findings
  • Worked with ORCA and central IT staff at Duke to implement a Shibboleth environment for ORCA staff to explore and learn from.
  • Worked with a Planetlab deployer in Romania to incorporate a Shibboleth IDP into a Planetlab node.
  • Worked with BBN staff, discussing Shibboleth, its model, and how it could be incorporated into the GENI security architecture and add value.
  • Working with PMO and Duke to define and develop the demo for GEC8.
  • Working with various people to begin implementing the set of services that will comprise the demo.
  • Participated and presented in the NSF FIRE workshop at Princeton in May.
  • Discussed the GENI opportunities and impacts with CIOs of leading research universities in May.
  1. Project participants

Ken Klingenstein (Internet2), Principal Investigator: project direction, federation analysis, white paper development, participant in GENI CF discussions, liaison with Steve Sch of Cobham and service as project liaison to the GPO.

Steven Carmody (Brown University), Senior IT Architect at Brown University and Project Manager of Internet2's Shibboleth Project: focus on engagement with ORCA and Planetlab on technical issues.

  1. Publications (individual and organizational)
  1. Outreach activities
  1. Collaborations

ORCA control framework. A federated Planetlab in Romania.

  1. Other Contributions

================================

LEFA Project Status Report Period: July 2010 – Sept 2010

  1. Major accomplishments.

Demonstrated the use of identity federation and enterprise group control to manage many aspects of ORCA at GEC8.

  1. Milestones achieved.

Established a proof of concept that federated identity and group access controls can manage GENI experiments.

  1. Deliverables made.

The demo at GEC8 illustrated not only the use of federated identity but also the use of groups for access control. Worked with the Cobham group and introduced them to COmanage and the issues and approaches to attribute creation at the enterprise and at the cluster/experiment level. The federation knot paper continues to draw comments.

  1. Description of work performed during last quarter
  1. Activities and findings
  • Worked with ORCA and central IT staff at Duke to implement a Shibboleth/Grouper environment and to integrate Shibboleth with the ORCA portal.
  • Developed a demo showing authentication at the home campus and use of group memberships within COmanage to manage permissions at the GENI portal.
  • Worked with the TIED deployer to integrate Shibboleth with their attribute-based access control libraries.
  • Held ongoing discussions with GPO on identity management and access issues.
  • Delivered demo at GEC8.
  1. Project participants

Ken Klingenstein (Internet2), Principal Investigator: project direction, federation analysis, white paper development, participant in GENI CF discussions, liaison with Steve Schwab of Cobham and service as project liaison to the GPO.

Steven Carmody (Brown University), Senior IT Architect at Brown University and Project Manager of Internet2's Shibboleth Project: focus on engagement with ORCA and Planetlab on technical issues.

  1. Publications (individual and organizational)
  1. Outreach activities
  1. Collaborations

ORCA control framework. TIED project for linking attributes to policy engines for access control. Cobham integrated.

  1. Other Contributions

Has provided GPO with advice on identity management activities in other venues, including government.

=====================================================

LEFA Project Status Report Period: October 1, 2010 - March 2011

  1. Major accomplishments
  2. Milestones achieved

Presented at GEC10 in support of federated identity proposal. Proposal was endorsed by GENI community and will set a plan for the next six months on a number of federated activities and opportunities. Began discussion of the use of COmanage to generate local attributes.

  1. Deliverables made

Workshop at GEC10 on federated identity.

  1. Description of work performed during last quarter
  2. Activities and findings

Worked closely with GPO and two clusters (ORCA and ProtoGENI) to develop a federated identity alternative for GENI. Helped develop a plan for the GENI portal with GENI staff, and set an agenda going forward.

Began to develop a set of options for federated IdM for GPO staff, to allow it to get to distributed GENI participant resources. Plan may use COmanage as a local IdM for GPO, addressing the lack of appropriate IdM infrastructure in the GPO, in BBN and in Raytheon. Began to identify options for federating GENI collaboration resources, such as its lists and wikis.

Clarified the options for the creation and aggregation of attributes associated with GENI participants.

  1. Project participants

Steven Carmody, Brown; Ken Klingenstein, Internet2; Heather Flanagan, Internet2

  1. Publications (individual and organizational)

none

  1. Outreach activities

Promoted relationship with GENI to NSF OCI, who was most pleased.

  1. Collaborations

ORCA and ProtoGENI, Steve Schwab, Ted Faber

  1. Other Contributions

Spiral 2 Connectivity

Related Projects

Shibboleth
InCommon
