Changes between Version 8 and Version 9 of TIEDQ12011


Timestamp:
04/04/11 21:10:55 (8 years ago)
Author:
faber@isi.edu
Comment:

--

  • TIEDQ12011

    v8 v9  
    2525 * Japan Collaboration
    2626     * Mike Ryan spent several weeks in Japan educating users on the TIED model and learning about their testbed models
    27      * Work underway to federate the two testbeds
     27     * Colaboration underway to federate the two testbeds
    2828
    2929
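Review bot: the added v9 line 27 misspells "Collaboration" as "Colaboration". Suggest "Collaboration underway to federate the two testbeds" so the bullet matches the spelling of its parent heading, "Japan Collaboration".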
     
    3131== Description of the Work Performed During the Quarter ==
    3232
    33 TIED's focus on the creation of federated experiments across multiple testbed architectures has allowed us to focus on key areas for GENI interoperability: a federable authorization framework (ABAC) and the overall architecture of the GENIAPI from the perspective of a system that combines resources across multiple control frameworks.  We have implemented such a simple federable framework in the [http://abac.deterlab/net ABAC system], and  much of the work this quarter has been in demonstrating that our implementation is ready for use and can be integrated with the existing GENI frameworks.  We made significant forward progress on both these fronts.
     33The TIED work this quarter has focused in integration and improvement of the ABAC authorization framework and on improvig the GENIAPI as interoperability framework.  TIED's focus on federating resources from multiple control framework guides our interest in cross-framework authorization and allocation. 
    3434
    35 Similarly, our perspective as a consumer of GENI resources from multiple control frameworks has led us to be somewhat critical of the existing architecture for resource allocation.  We have expressed these views in [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_GENIAPI_v1.2.pdf earlier] [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_PlanetLab_GENIAPI.pdf documents]. This quarter we provided constructive ways forward that address our concerns, and continue to argue for their uptake.
     35We have developed and intergrated the [http://abac.deterlab.net ABAC implementation] with GENI components and are pressing forward with new tools and moving from prototype integrations to operational deployments of ABAC in GENI.  We have shown several levels of prototype integration this quarter (sample policy encodings, GENIAPI code integration, tool demonstrations) and achieved a consensus to deploy ABAC operationally.
     36 
     37Similarly, our perspective as a consumer of GENI resources from multiple control frameworks has led us to be somewhat critical of the existing architecture for resource allocation.  We have expressed these views in [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_GENIAPI_v1.2.pdf earlier] [http://groups.geni.net/geni/attachment/wiki/TIED/TIED_PlanetLab_GENIAPI.pdf documents]. This quarter we published a document laying out constructive ways forward that address our concerns, and continue to argue for their uptake.
    3638
    37 Our work with the Japanese continues as well with an informational and personnel exchnage, aimed at both producing prototype code and sharing perspectives.  Though interrupted by recent events in Japan, the collaboration continues to move forward.
     39Our work with the Japanese continues as well with an informational and personnel exchange, aimed at both producing prototype code and sharing perspectives.
    3840
    3941We summarize those accomplishments below.
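Review bot: the new paragraphs at v9 lines 33 and 35 introduce typos that were not in v8: "focused in integration" (should be "on"), "improvig", "as interoperability framework" (missing "an"), "multiple control framework" (should be plural), and "intergrated" on line 35. The rewrite of line 33 also drops the v8 gloss "a federable authorization framework (ABAC)", so ABAC is now used without being introduced; consider keeping a short description of it as an authorization framework designed for federation on first use. The corrected link target on line 35 (http://abac.deterlab.net instead of http://abac.deterlab/net) is a good fix.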
     
    4143== ABAC/GENI Integration ==
    4244
    43 We have been extolling the benefits of the ABAC authorization system and our implementation of it for some time, and this quarter we took steps to prove that a large scale integration with GENI is technically and practically feasible.  This has taken the form of demonstrations, documentation and trial integrations that have led to a commitment to integrating ABAC into a GENI control framework (ProtoGENI) over the next year.
     45We have been extolling the benefits of the ABAC authorization system and our implementation of it for some time, and this quarter we took steps to prove that a large scale integration with GENI is technically and practically feasible.  This has taken the form of demonstrations, documentation, and trial integrations that have led to a commitment to integrating ABAC into a GENI control framework (ProtoGENI) over the next year.
    4446
    45 One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that exising implementations of both the AM and ABAC were mature enough to work together.  Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter.  This proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff.
     47One of the important trial integrations was with the GENIAPI AM code, the purpose of which was showing that exising implementations of both the AM and ABAC were mature enough to work together.  Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter.  The integration proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were accomplished between TIED staff and GPO staff.
    4648
    47 We both encoded GENI policy into ABAC credentials and produced an explanatory document describing both the GENI policy and the ABAC encoding of it that has proven powerful in explaining the problem and ABAC's role in its solution.  In preparing the integrated AM code, we technically demonstrated this capability, so we took advantage of the second milestone to both provide a more comprehensive encoding of GENI policy and to provide a comprehensive documentation of that encoding.  That document has been the basis for many ongoing discussions among GENI implementers and was part of the basis for the agreement reached at GEC10.
     49We both encoded GENI policy into ABAC credentials and produced an explanatory document describing both the GENI policy and the ABAC encoding of it. That document has proven powerful in framing the discussion of both an ABAC deployment and GENI authorization in general.  That document appeared because we technically demonstrated one policy encoding when we produced the GENIAPI AM integration, so we took advantage of the second milestone to both provide a more comprehensive encoding of GENI policy and a complete documentation of that encoding.  That document has been the basis for many ongoing discussions among GENI implementers and was part of the basis for the agreement reached at GEC10.
    4850
    4951Finally, in conjunction with GPO staff and Steve Schwab, the GENI security architect, TIED staff were instrumental in forging an agreement to integrate ABAC with an GENI CF - ProtoGENI - this year.  This entailed several discussions and presentations at GEC10.
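Review bot: v9 line 47 was edited but still carries "exising" (should be "existing"), and the rewritten line 49 now has three consecutive sentences opening with "That document", the second of which ("That document appeared because we technically demonstrated one policy encoding ...") is hard to parse. Suggest rewording the middle sentence, for example to say that the GENIAPI AM integration demonstrated one policy encoding and that the second milestone was used to produce a more comprehensive encoding together with its documentation. The unchanged line 51 also reads "an GENI CF", which should be "a GENI CF".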
     
    5355ABAC is a multi-platform implementation of our authorization system that is missing a system for administrators to interpret and create credentials encoding a policy or proof.  This quarter we extended our existing credential browser significantly to display policies and proofs in clearer ways as well as to provide the crytpographic representations of those credentials.  That browser was demonstrated at GEC10.
    5456
    55 As a side effect of that broswer development, which was carried out in Java, we now have an interoperable implementation in Java.  Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable.  A native-java implementation was developed and is integrated into the most recent ABAC release (0.1.3).  Orca developers who work in java are currently taking that code up.
     57As a side effect of that broswer development, which was carried out in Java, we now have an interoperable implementation in Java.  Our initial plan was to use our existing multi-platform tool - swig - to produce a Java implementation, but swig-generated code proved too unstable.  A native Java implementation was developed and is integrated into the most recent ABAC release (0.1.3).  Orca developers who work in Java are currently taking that code up.
    5658
    5759In addition, the ABAC libraries with Java support are being integrated into the GENI Integration release 3.1.
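Review bot: v9 line 57 fixes the capitalization of "Java" but leaves "broswer" (should be "browser") on the same line, and the unchanged line 55 still has "crytpographic". Since line 57 is already being touched, both could be corrected in this revision; "swig" could also be written "SWIG" for consistency with the capitalization fix applied to "Java".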