| 47 | We both encoded GENI policy into ABAC credentials and produced an explanatory document describing both the GENI policy and the ABAC encoding of it that has proven powerful in explaining the problem and ABAC's role in its solution. In preparing the integrated AM code, we technically demonstrated this capability, so we took advantage of the second milestone both to provide a more comprehensive encoding of GENI policy and to provide comprehensive documentation of that encoding. That document has been the basis for many ongoing discussions among GENI implementers and was part of the basis for the agreement reached at GEC10. |
| 48 | |
| 49 | Finally, in conjunction with GPO staff and Steve Schwab, the GENI security architect, TIED staff were instrumental in forging an agreement to integrate ABAC with a GENI CF - ProtoGENI - this year. This entailed several discussions and presentations at GEC10. |
| 50 | |
| 51 | == ABAC Development == |
| 52 | |
| 53 | ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof. This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the cryptographic representations of those credentials. That browser was demonstrated at GEC10. |
| 54 | |
| 55 | As a side effect of that browser development, which was carried out in Java, we now have an interoperable implementation in Java. Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable. A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3). Orca developers who work in Java are currently taking that code up. |
| 56 | |
| 57 | In addition, the ABAC libraries with Java support are being integrated into the GENI Integration release 3.1. |
| 58 | |
| 59 | == Interface Discussions == |
| 60 | |
| 61 | This quarter saw circulation of a document discussing missing pieces of the GENIAPI interface, primarily concerned with missing interfaces that impede interoperability between control frameworks. We identified these problems when designing plug-ins to allocate resources across control frameworks using TIED's federation system. This document describes our suggestions for steps forward to improve the situation. |
| 62 | |
| 63 | We have circulated the document privately among the key GENI and GPO developers and then released it to the control framework mailing list. It continues to generate discussion and debate. |
| 64 | |
| 65 | == International Collaboration == |
| 66 | |
| 67 | As we have reported earlier, TIED is collaborating with several Japanese research agencies on federating testbeds using TIED and GENI technologies. The organizations are the Nara Institute of Science and Technology ([http://www.naist.jp/index_j.html NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([http://www.jaist.ac.jp/ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [http://www.j.u-tokyo.ac.jp/ University of Tokyo], working with Prof. Yuji Sekiya. The [http://www.isi.edu ISI] investigators are John Wroclawski (PI) and Bill Manning. |
| 68 | |
| 69 | There are four goals of this collaboration: |
| 70 | |
| 71 | * Prototyping a TIED plug-in for access to the Japanese [http://www.starbed.org StarBed] facility |
| 72 | * Demonstrating two cooperative seed research projects |
| 73 | * Demonstrating research enabled by federation |
| 74 | * One group plans to access the BGPMUX in ProtoGENI from !StarBed using the TIED plug-in developed above |
| 75 | * Student Exchanges |
| 76 | |
| 77 | We advanced the first and last of these goals this quarter by sending TIED staffer Mike Ryan to Japan for several weeks. Mike took part in WIDE camp and spent time learning the details of the StarBed model as well as educating his Japanese counterparts in the TIED model of federation. Though Mike's stay was interrupted, the collaboration and co-development is continuing. |
| 78 | |
| 79 | == Project participants == |
| 80 | * Individuals directly supported by TIED award: |
| 81 | * John Wroclawski, PI |
| 82 | * Ted Faber, Research Computer Scientist |
| 83 | * Tom Lehman, Research Computer Scientist |
| 84 | |
| 85 | * Individuals contributing to the project with outside support: |
| 86 | * Jelena Mirkovic, ISI Research Computer Scientist |
| 87 | * Mike Ryan, ISI Systems Programmer |
| 88 | * Jay Jacobs, Cobham Systems Programmer |
| 89 | * Brett Wilson, Cobham Systems Programmer |
| 90 | * Bill Manning, Research Staff Member |
| 91 | |
| 92 | * International Collaborators |
| 93 | * Prof. Suguru Yamaguchi, Graduate School of Information Science, Nara Institute of Science and Technology (NAIST) |
| 94 | * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Hokuriku Research Center, National Institute of Information and Communications Technology (NICT) |
| 95 | * Prof. Tetsuo Wasano, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) |
| 96 | * Prof. Yuji Sekiya, University of Tokyo |