Changes between Version 9 and Version 10 of TIEDQ12011
- Timestamp: 04/05/11 16:42:25 (14 years ago)
TIEDQ12011
v9 v10 20 20 * Browser development resulted in a second, interoperable ABAC implementation in native Java that is being taken up by the ORCA project. 21 21 * Included in ABAC 0.1.3, in the GENI Integration release v3.1 22 * Other GENI Interface de isgn22 * Other GENI Interface design 23 23 * Published and discussed a draft on the Future of the Slice manager interface. 24 24 * Discussions continuing on the CF lists 25 25 * Japan Collaboration 26 26 * Mike Ryan spent several weeks in Japan educating users on the TIED model and learning about their testbed models 27 * Col aboration underway to federate the two testbeds27 * Collaboration underway to federate the two testbeds 28 28 29 29 … … 31 31 == Description of the Work Performed During the Quarter == 32 32 33 The TIED work this quarter has focused in integration and improvement of the ABAC authorization framework and on improvi g the GENIAPI as interoperability framework. TIED's focus on federating resources from multiple control framework guides our interest in cross-framework authorization and allocation.33 The TIED work this quarter has focused in integration and improvement of the ABAC authorization framework and on improving the GENIAPI as interoperability framework. TIED's focus on federating resources from multiple control framework guides our interest in cross-framework authorization and allocation. 34 34 35 We have developed and inte rgrated the [http://abac.deterlab.net ABAC implementation] with GENI components and are pressing forward with new tools and moving from prototype integrations to operational deployments of ABAC in GENI. 
We have shown several levels of prototype integration this quarter (sample policy encodings, GENIAPI code integration, tool demonstrations) and achieved a consensus to deploy ABAC operationally.35 We have developed and integrated the [http://abac.deterlab.net ABAC implementation] with GENI components and are pressing forward with new tools and moving from prototype integrations to operational deployments of ABAC in GENI. We have shown several levels of prototype integration this quarter (sample policy encodings, GENIAPI code integration, tool demonstrations) and achieved a consensus to deploy ABAC operationally. 36 36 37 37 Similarly, our perspective as a consumer of GENI resources from multiple control frameworks has led us to be somewhat critical of the existing architecture for resource allocation. We have expressed these views in [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_GENIAPI_v1.2.pdf earlier] [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_PlanetLab_GENIAPI.pdf documents]. This quarter we published a document laying out constructive ways forward that address our concerns, and continue to argue for their uptake. … … 45 45 We have been extolling the benefits of the ABAC authorization system and our implementation of it for some time, and this quarter we took steps to prove that a large scale integration with GENI is technically and practically feasible. This has taken the form of demonstrations, documentation, and trial integrations that have led to a commitment to integrating ABAC into a GENI control framework (ProtoGENI) over the next year. 46 46 47 One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that exis ing implementations of both the AM and ABAC were mature enough to work together. Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter. 
The integration proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff.47 One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that existing implementations of both the AM and ABAC were mature enough to work together. Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter. The integration proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff. 48 48 49 49 We both encoded GENI policy into ABAC credentials and produced an explanatory document describing both the GENI policy and the ABAC encoding of it. That document has proven powerful in framing the discussion of both an ABAC deployment and GENI authorization in general. That document appeared because we technically demonstrated one policy encoding when we produced the GENIAPI AM integration, so we took advantage of the second milestone to both provide a more comprehensive encoding of GENI policy and a complete documentation of that encoding. That document has been the basis for many ongoing discussions among GENI implementers and was part of the basis for the agreement reached at GEC10. … … 51 51 Finally, in conjunction with GPO staff and Steve Schwab, the GENI security architect, TIED staff were instrumental in forging an agreement to integrate ABAC with an GENI CF - ProtoGENI - this year. This entailed several discussions and presentations at GEC10. 52 52 53 == ABAC Develop ement ==53 == ABAC Development == 54 54 55 ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof. 
This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the cry tpographic representations of those credentials. That browser was demonstrated at GEC10.55 ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof. This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the cryptographic representations of those credentials. That browser was demonstrated at GEC10. 56 56 57 As a side effect of that bro swer development, which was carried out in Java, we now have an interoperable implementation in Java. Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable. A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3). Orcadevelopers who work in Java are currently taking that code up.57 As a side effect of that browser development, which was carried out in Java, we now have an interoperable implementation in Java. Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable. A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3). ORCA developers who work in Java are currently taking that code up. 58 58 59 59 In addition, the ABAC libraries with Java support are being integrated into the GENI Integration release 3.1. 
… … 67 67 == International Collaboration == 68 68 69 As we have reported earl er, TIED is collaborating with several Japanese research agencies on federating testbeds using TIED and GENI technologies.The organizations are the Nara Institute of Science and Technology ([http://www.naist.jp/index_j.html NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([http://www.jaist.ac.jp/ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [http://www.j.u-tokyo.ac.jp/ Univeristy of Tokyo], working with Prof. Yuji Sekiya. The [http://www.isi.edu ISI] investigators are John Wroclawski (PI) and Bill Manning.69 As we have reported earlier, TIED is collaborating with several Japanese research agencies on federating testbeds using TIED and GENI technologies.The organizations are the Nara Institute of Science and Technology ([http://www.naist.jp/index_j.html NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([http://www.jaist.ac.jp/ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [http://www.j.u-tokyo.ac.jp/ Univeristy of Tokyo], working with Prof. Yuji Sekiya. The [http://www.isi.edu ISI] investigators are John Wroclawski (PI) and Bill Manning. 70 70 71 71 There are four goals of this collaboration: … … 83 83 * John Wroclawski, PI 84 84 * Ted Faber, Research Computer Scientist 85 * Mike Ryan, System ns Programmer85 * Mike Ryan, Systems Programmer 86 86 87 87 * Individuals contributing to the project with outside support: … … 91 91 * International Collaborators 92 92 * Prof. 
Suguru Yamaguchi, Graduate School of Information Science, Nara Institute of Science and Technology (NIAST) 93 * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Horuriku Research Center, National Institute of In cormation and Communications Technology (NICT)93 * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Horuriku Research Center, National Institute of Information and Communications Technology (NICT) 94 94 * Prof. Tetsuo Wasano, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) 95 95 * Prof. Yuji Sekiya, University of Tokyo
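Review bot: the new line 33 corrects "improvi g" but still reads "focused in integration", "the GENIAPI as interoperability framework" and "multiple control framework guides". Since the line is already being rewritten, change these to "focused on integration", "as an interoperability framework" and "multiple control frameworks" in the same revision.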
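Review bot: the new line 69 fixes "earl er" but keeps two other errors that are visible on both sides of the diff: the link text "Univeristy of Tokyo" and the missing space in "technologies.The organizations". Both sit on the line this change already touches, so they should be corrected here rather than in a later revision.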
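Review bot: in the International Collaborators hunk, unchanged line 92 abbreviates the Nara Institute of Science and Technology as "(NIAST)", while line 69 links the same institute as NAIST; the two should agree. The new line 93 also carries "Horuriku Research Center" over unchanged from version 9, which looks like a misspelling of Hokuriku and is worth checking against NICT's own naming before this version is treated as final.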