Changes between Version 9 and Version 10 of TIEDQ12011


Ignore:
Timestamp:
04/05/11 16:42:25 (13 years ago)
Author:
faber@isi.edu
Comment:

spell check

Legend:

Unmodified
Added
Removed
Modified
  • TIEDQ12011

    v9 v10  
    2020   * Browser development resulted in a second, interoperable ABAC implementation in native Java that is being taken up by the ORCA project.
    2121     * Included in ABAC 0.1.3, in the GENI Integration release v3.1
    22  * Other GENI Interface deisgn
     22 * Other GENI Interface design
    2323   * Published and discussed a draft on the Future of the Slice manager interface.
    2424   * Discussions continuing on the CF lists
    2525 * Japan Collaboration
    2626     * Mike Ryan spent several weeks in Japan educating users on the TIED model and learning about their testbed models
    27      * Colaboration underway to federate the two testbeds
     27     * Collaboration underway to federate the two testbeds
    2828
    2929
     
    3131== Description of the Work Performed During the Quarter ==
    3232
    33 The TIED work this quarter has focused in integration and improvement of the ABAC authorization framework and on improvig the GENIAPI as interoperability framework.  TIED's focus on federating resources from multiple control framework guides our interest in cross-framework authorization and allocation. 
     33The TIED work this quarter has focused in integration and improvement of the ABAC authorization framework and on improving the GENIAPI as interoperability framework.  TIED's focus on federating resources from multiple control framework guides our interest in cross-framework authorization and allocation. 
    3434
    35 We have developed and intergrated the [http://abac.deterlab.net ABAC implementation] with GENI components and are pressing forward with new tools and moving from prototype integrations to operational deployments of ABAC in GENI.  We have shown several levels of prototype integration this quarter (sample policy encodings, GENIAPI code integration, tool demonstrations) and achieved a consensus to deploy ABAC operationally.
     35We have developed and integrated the [http://abac.deterlab.net ABAC implementation] with GENI components and are pressing forward with new tools and moving from prototype integrations to operational deployments of ABAC in GENI.  We have shown several levels of prototype integration this quarter (sample policy encodings, GENIAPI code integration, tool demonstrations) and achieved a consensus to deploy ABAC operationally.
    3636 
    3737Similarly, our perspective as a consumer of GENI resources from multiple control frameworks has led us to be somewhat critical of the existing architecture for resource allocation.  We have expressed these views in [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_GENIAPI_v1.2.pdf earlier] [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_PlanetLab_GENIAPI.pdf documents]. This quarter we published a document laying out constructive ways forward that address our concerns, and continue to argue for their uptake.
     
    4545We have been extolling the benefits of the ABAC authorization system and our implementation of it for some time, and this quarter we took steps to prove that a large scale integration with GENI is technically and practically feasible.  This has taken the form of demonstrations, documentation, and trial integrations that have led to a commitment to integrating ABAC into a GENI control framework (ProtoGENI) over the next year.
    4646
    47 One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that exising implementations of both the AM and ABAC were mature enough to work together.  Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter.  The integration proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff.
     47One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that existing implementations of both the AM and ABAC were mature enough to work together.  Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter.  The integration proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff.
    4848
    4949We both encoded GENI policy into ABAC credentials and produced an explanatory document describing both the GENI policy and the ABAC encoding of it. That document has proven powerful in framing the discussion of both an ABAC deployment and GENI authorization in general.  That document appeared because we technically demonstrated one policy encoding when we produced the GENIAPI AM integration, so we took advantage of the second milestone to both provide a more comprehensive encoding of GENI policy and a complete documentation of that encoding.  That document has been the basis for many ongoing discussions among GENI implementers and was part of the basis for the agreement reached at GEC10.
     
    5151Finally, in conjunction with GPO staff and Steve Schwab, the GENI security architect, TIED staff were instrumental in forging an agreement to integrate ABAC with an GENI CF - ProtoGENI - this year.  This entailed several discussions and presentations at GEC10.
    5252
    53 == ABAC Developement ==
     53== ABAC Development ==
    5454
    55 ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof.  This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the crytpographic representations of those credentials.  That browser was demonstrated at GEC10.
     55ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof.  This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the cryptographic representations of those credentials.  That browser was demonstrated at GEC10.
    5656
    57 As a side effect of that broswer development, which was carried out in Java, we now have an interoperable implementation in Java.  Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable.  A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3).  Orca developers who work in Java are currently taking that code up.
     57As a side effect of that browser development, which was carried out in Java, we now have an interoperable implementation in Java.  Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable.  A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3).  ORCA developers who work in Java are currently taking that code up.
    5858
    5959In addition, the ABAC libraries with Java support are being integrated into the GENI Integration release 3.1.
     
    6767== International Collaboration ==
    6868
    69 As we have reported earler, TIED is collaborating with several Japanese research agencies on federating testbeds using TIED and GENI technologies.The organizations are the Nara Institute of Science and Technology ([http://www.naist.jp/index_j.html NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([http://www.jaist.ac.jp/ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [http://www.j.u-tokyo.ac.jp/ Univeristy of Tokyo], working with Prof. Yuji Sekiya. The [http://www.isi.edu ISI] investigators are John Wroclawski (PI) and Bill Manning.
     69As we have reported earlier, TIED is collaborating with several Japanese research agencies on federating testbeds using TIED and GENI technologies.The organizations are the Nara Institute of Science and Technology ([http://www.naist.jp/index_j.html NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([http://www.jaist.ac.jp/ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [http://www.j.u-tokyo.ac.jp/ Univeristy of Tokyo], working with Prof. Yuji Sekiya. The [http://www.isi.edu ISI] investigators are John Wroclawski (PI) and Bill Manning.
    7070
    7171There are four goals of this collaboration:
     
    8383   * John Wroclawski, PI
    8484   * Ted Faber, Research Computer Scientist
    85    * Mike Ryan, Systemns Programmer
     85   * Mike Ryan, Systems Programmer
    8686
    8787 * Individuals contributing to the project with outside support:
     
    9191 * International Collaborators
    9292   * Prof. Suguru Yamaguchi, Graduate School of Information Science, Nara Institute of Science and Technology (NIAST)
    93    * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Horuriku Research Center, National Institute of Incormation and Communications Technology (NICT)
     93   * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Horuriku Research Center, National Institute of Information and Communications Technology (NICT)
    9494   * Prof. Tetsuo Wasano, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST)
    9595   * Prof. Yuji Sekiya, University of Tokyo