Version 7 (modified by chase@cs.duke.edu, 8 years ago)

added more details per Ilia's request

ORCABEN/ORCAAUG GEC12 Status Report

Remaining milestone status in ORCABEN

  • ORCABEN: S3.b.6: Completed. Installing an ORCA site is a well-documented and tested process. There are sites at UH and UaF in addition to the BEN sites.
  • ORCABEN: S3.b.7: Currently being implemented and will be released with ORCA Dungeness 4.0. This is a very disruptive change that we could not fit into the Spiral 3 schedule.
  • ORCABEN: S3.d.1: Camano 3.0 released in May 2011.
  • ORCABEN: S3.d.2: Request and manifest conversion has been demonstrated. Ad conversion is under implementation and will be part of Dungeness 4.0.
  • ORCABEN: S3.d.3 and ORCABEN: S3.d.4: There were delays in getting connectivity to ION beyond our control. We expect to have the connectivity available in Spiral 4 via StarLight/iGENI as Internet2 now should have available ports at StarLight for us to connect.
  • ORCABEN: S3.e: ORCA only entered beta operations starting with Camano 3.1 (Dec 2011). The IMF project demonstrated using ORCA for its activities. We are working with other experimenters within and outside Cluster D, allowing them to use limited ORCA resources for experiments.
  • ORCABEN: S3.f.1: GUSH has been integrated and tested with ORCA and used as part of the GUSH tutorial. GUSH assumes a public IP address on allocated slivers, which is not true on all ORCA substrates. In 4.0 we will add a feature permitting GUSH to work from behind NATted address space.
  • ORCABEN: S3.f.2: Camano 3.1 released in Dec. 2011.
  • ORCABEN: S3.f.3: This milestone is being folded into OpenFlow support in ORCA in Spiral 4.

Remaining milestone status in ORCAAUG

  • ORCAAUG: S3.d.2: Camano 3.0 released in May 2011.
  • ORCAAUG: S3.e: See ORCABEN: S3.e above.
  • ORCAAUG: S3.f.1: Completed and demonstrated.
  • ORCAAUG: S3.f.2: Initial ABAC implementation demonstrated at GEC11. Ted Faber demonstrated additional code at GEC12. Jeff Chase worked with Tom Mitchell on allowing Shibboleth attributes from the Duke IdP to be passed to the GENI portal and on creating credentials based on them.
  • ORCAAUG: S3.f.3: There is an advance scheduling implementation in the current code. We will continue improving it.
  • ORCAAUG: S3.f.4: Camano 3.1 released in Dec. 2011.

Authorization

  • Jeff Chase and Prateek Jaipuria continued working with the Authorization project on trust management and federation issues. In particular, working with the Deter team, we have put together a complete end-to-end picture of authorization for the GENI federation based on RT0 delegation logic (ABAC), including requirements for authorization of users, projects, and slices. Prateek Jaipuria completed integration of support for checking ABAC credentials into the ORCA software.
  • The ABAC-in-ORCA prototype presumes that all needed credentials are available to the server, and that none of them have been revoked or expired. The team has defined a credential management framework that can assure these properties, and is moving forward with a prototype. Muzhi Zhao has developed a centralized prototype of the credential management service.
  • Jeff Chase summarized this progress and related issues in a talk at the Authorization Session at GEC12. More recently we have prepared detailed materials outlining the emerging federated authorization framework for GENI, and posted them on the GENI wiki as an Authorization Storyboard.
  • Prateek Jaipuria interned at GPO in Summer 2011 and completed some ProtoGENI integration steps, including checking of ProtoGENI credentials. This support enables ORCA deployments to federate with GPO services for approving users and their slices.
  • The team worked with Ted Faber of the Deter project to assist him in adding support in ORCA to check common ABAC credential formats across ORCA and ProtoGENI sites.
  • We have also made some progress on OpenFlow authorization. We are exploring use cases for the integration of OpenFlow with cloud services for which flowspace authorization can be automated in the ORCA AMs. We are designing software around these use cases for the upcoming ExoGENI deployment, working with new MS student Ke Xu. We have prepared a working paper on the use of OpenFlow in networked cloud services called OpenFlow-on-Demand.

Project Participants

  • Ilia Baldine, PI, RENCI
  • Jeff Chase, PI, Duke University
  • Yufeng Xin (NDL-OWL development, experiment embedding), RENCI
  • Anirban Mandal (actor registry, XMLRPC controller, policy development), RENCI
  • Chris Heermann (BEN Operations, Cluster D connectivity), RENCI
  • Victor Orlikowski (Development, quality assurance, testbed development and administration), Duke University
  • Aydan Yumerefendi (codebase maintenance, documentation, core enhancements) – core development team, RENCI
  • Prateek Jaipuria (ImageProxy, Shibboleth integration, identity management and authorization), Duke University
  • Muzhi Zhao (ImageProxy development), Duke University
  • Ke Xu (OpenFlow use cases for ExoGENI)