Version 3 (modified by faber@isi.edu, 13 years ago)

TIED - Trial Integration Environment Based on DETER

QPR 31 Mar 2010

Introduction

This quarter members of the TIED project advanced their work on Attribute Based Access Control (ABAC) both technically and internally among GENI researchers, drove GENI interface discussions on both ABAC and the GENIAPI, and furthered our international collaboration with our Japanese counterparts.

Major Accomplishments

  • ABAC/GENI Integration
    • Published Reference code and Documentation for integrating ABAC with the GENIAPI AM.
      • ABAC 0.1.3 is being integrated with the standard GENI Integration Release v 3.1
    • Published machine-readable ABAC encoding of the current GENIAPI models, and wrote detailed documentation for the same.
      • Documentation is a jumping-on point for users who have not been following authorization discussions closely
      • Encoding uses running code to demonstrate practicality of the implementation
    • With Steve Schwab, we worked with GPO personnel to forge a consensus and forward path on ABAC integration for GENI at GEC10
  • ABAC Development
    • Demonstrated the ABAC credential browser at GEC10
    • Browser development resulted in a second, interoperable ABAC implementation in native Java that is being taken up by the ORCA project.
      • Included in ABAC 0.1.3, in the GENI Integration release v3.1
  • Other GENI Interface design
    • Published and discussed a draft on the Future of the Slice manager interface.
    • Discussions continuing on the CF lists
  • Japan Collaboration
    • Mike Ryan spent several weeks in Japan educating users on the TIED model and learning about their testbed models
    • Work underway to federate the two testbeds

Description of the Work Performed During the Quarter

TIED's focus on the creation of federated experiments across multiple testbed architectures has allowed us to focus on key areas for GENI interoperability: a federable authorization framework (ABAC) and the overall architecture of the GENIAPI from the perspective of a system that combines resources across multiple control frameworks. We have implemented such a simple federable framework in the ABAC system, and much of the work this quarter has been in demonstrating that our implementation is ready for use and can be integrated with the existing GENI frameworks. We made significant forward progress on both these fronts.

Similarly, our perspective as a consumer of GENI resources from multiple control frameworks has led us to be somewhat critical of the existing architecture for resource allocation. We have expressed these views in earlier documents. This quarter we provided constructive ways forward that address our concerns, and continue to argue for their uptake.

Our work with the Japanese continues as well, with an informational and personnel exchange aimed at both producing prototype code and sharing perspectives. Though interrupted by recent events in Japan, the collaboration continues to move forward.

We summarize those accomplishments below.

ABAC/GENI Integration

We have been extolling the benefits of the ABAC authorization system and our implementation of it for some time, and this quarter we took steps to prove that a large scale integration with GENI is technically and practically feasible. This has taken the form of demonstrations, documentation and trial integrations that have led to a commitment to integrating ABAC into a GENI control framework (ProtoGENI) over the next year.

One of the important trial integrations was with the GENIAPI AM code, the purpose of which was to show that existing implementations of both the AM and ABAC were mature enough to work together. Though most of the coding was undertaken last quarter, the code (and more importantly the documentation) was made available early this quarter. This proceeded as expected, showing that the code functions and interoperates correctly, and in the process important contacts and informational exchanges were established between TIED staff and GPO staff.