Changes between Initial Version and Version 1 of TIEDQ22010

08/30/10 10:58:56 (11 years ago)



  • TIEDQ22010

    v1 v1  
     1= TIED - Trial Integration Environment Based on DETER =
     3== QPR June 30 2010 ==
     5== Introduction ==
     6This quarter the members of the TIED project have focused on releasing the ProtoGENI plug-in code with attendant documentation and examples to make writing future plug-ins simple for developers. We also worked on creating a support framework for integrating ABAC  with TIED components.
     8== Major Accomplishments ==
     9 * [ Release of fedd 3.00] which includes the ProtoGENI plug-in (Milestone S2.c delivered 30 Jun 2010)
     10 * Additional [ documentation] (part of the fedd 3.00 release) of the new features including:
     11  * The ProtoGENI plug-in source code
     12  * Plug-in interface descriptions
     13  * Sample, simple plug-in code to understand and start from
     14 * Begun initial work on a lightweight ABAC implementation
     15 * Initiated a collaboration with researchers at JAIST, NAIST and the University of Tokyo in Japan based on TIED plug-in development and federation-enabled research
     17== Description of Work Performed During the Quarter ==
     19One of the key contributions of the TIED project is the ability to interconnect testbeds of different underlying architecture and programmatic interface to make unified experimental environments. This is accomplished through a very high-level experiment description architecture that is customizable at each participating testbed. The well defined interfaces provide a narrow waist at the points where testbeds interconnect.
     21The customization at the testbed interface is referred to as a TIED plug-in (or access controller). Plug-ins currently exist for testbeds that export an Emulab interface, for DRAGON/OSCARS provisioned interconnection networks, for DETER's internal interconnection network, and for ProtoGENI.
     23The work this quarter has focused on polishing, documenting and releasing the ProtoGENI plug-in that we designed, prototyped, and demonstrated last quarter.  This code, along with supporting documentation and example code, is part of the fedd 3.00 release. This code will be the basis for the later GENIAPI plug-in; the GENIAPI will build on the same slice-based facility architecture (SFA) as ProtoGENI.
     25We summarize the major accomplishments below
     27=== Improvements to the ProtoGENI Plug-in for Release ===
     29This quarter we extended the work done last quarter on designing and prototyping of the ProtoGENI plug-in. It supports allocation and integration of resources from the ProtoGENI facility to a TIED experiment.  That plug-in was demonstrated as functional at GEC7, and has been polished and documented since then.
     31Though the code demonstrated at GEC7 was functional, it was not well factored for future extension nor was it easy to understand for new developers.  This quarter that code was re-factored to meet those needs as well as being more extensively commented to promote developer understanding.   In addition to re-factoring the ProtoGENI plug-in, we looked over our growing body of plug-ins and were able to abstract out common code and common tasks into a shared base class.  This simplifies future plug-ins.
     33The base plug-in class supports reading and writing standard database formats as well as encapsulating much of the authorization decision making.  This last feature will simplify our coming move to ABAC authorization control.
     35The plug-in is part of the [ fedd 3.00 release.]
     37This code release meets the S2.c milestone, and is a stepping stone toward the S2.d and S2.f milestones.
     39=== ProtoGENI Plug-in and General Plug-in Documentation ===
     41One of the primary goals of TIED is to encourage as many facilities as possible to make their resources available to other TIED participants.  To this end we want to encourage the simple development of plug-ins.  We have now created enough plug-ins that we believe the model to be useful, and to lay out what can be done under it.  One of the accomplishments this quarter has been to document these interfaces and provide simple, running sample code for developers to work from.
     43A high level view of the plug-in architecture is available from the [ ProtoGENI plug-in design document] as well as from the [ fedd documentation]. Those documents frame the basic design choices and control flow through a plug-in.  Though they remain useful reading for plug-in developers, they do not describe the interfaces and parameters in sufficient detail to implement a new plug-in. The documentation released with fedd 3.0 includes the [ interface and parameter definitions] that a developer will need.
     45In addition to the commented ProtoGENI plug-in source code and interface definitions, the distribution includes a minimal skeleton plug-in.  That code can be run remotely to see the interfaces in action and can act as a starting point for new developers.  The documentation includes [ detailed instructions for running the code locally].
     47In addition, DETER/TIED provides credentials and infrastructure to remotely exercise this and other plug-in code, in the form of globally available guest credentials and standard access databases.  A developer can download and install fedd and make requests from the DETER site that are delivered to their local plug-in without any coordination with  TIED (or DETER).
     49Finally the documents describe how to [ dynamically load plug-in code] into fedd.  Developers can integrate their software into fedd without having access to the fedd source code.  This document explains the conventions to follow to ensure that the plug-in is recognized and loaded.
     51Most of the documentation and example code described in this section goes beyond that strictly required by any particular milestone, but we believe it is essential to acceptance of the TIED model and code base.
     53=== ABAC Development ===
     55We believe that the ABAC authorization framework is a powerful and essential system for large scale, decentralized authorization. We are dedicated to realizing the system in a way that is useful to practical system designers. Wide scale adoption of the system requires new tools at a variety of levels as well as educating system designers about its power.
     57In order for ABAC to be integrated with existing systems, it needs to be realized in a portable, efficient library.  The need for efficiency in an authorization system is probably self-evident.  Portability is key so that ABAC can be integrated with applications across a range of control frameworks.  While we have learned a considerable amount from our early efforts with high-level implementations of ABAC, we believe that a simplified, low-level prover library is a key next step in bringing ABAC to TIED and GENI.  To that end we are developing such a library.
     59Also key to ABAC acceptance is providing administrators and designers with the sort of high level tools that allow them to visualize and design an authorization and access policy that can be realized in ABAC terms.  At GEC6 we demonstrated a simple application, [ the TIED attribute explorer], that provides a simple visualization of ABAC credentials and policies.  While not a solution for large-scale complex policies, it may be a starting point for future work we are undertaking here.
     61Finally, we have committed, with our colleagues at Cobham, to present a tutorial/mini-workshop on ABAC at GEC8 and the current tools available to work with it.  This is part of our continuing effort to educate and evangelize designers on the merits of ABAC.
     63== International Collaboration ==
     65TIED and DETER have begun an NSF-supported collaboration with several research organizations in Japan.  The organizations are the Nara Institute of Science and Technology ([ NAIST]) working with Prof. Suguru Yamaguchi, the Japan Advanced Institute of Science and Technology ([ JAIST]), working with Yoichi Shinoda and Prof. Tetsuo Wasano, and the [ Univeristy of Tokyo], working with Prof. Yuji Sekiya. The [ ISI] investigators are John Wroclawski (PI) and Bill Manning.
     67There are four goals of this collaboration:
     69 * Prototyping a TIED plug-in for access to the Japanese [ StarBed] facility
     70 * Demonstrating two cooperative seed research projects
     71 * Demonstrating research enabled by federation
     72   * One group plans to access the BGPMUX in ProtoGENI from !StarBed using the TIED plug-in developed above
     73 * Student Exchanges
     75The initial information exchanges are underway and we expect to begin work on the fedeartion of the systems in the 3rd quarter of this year.
     77== Project participants ==
     78 * Individuals directly supported by TIED award:
     79   * John Wroclawski, PI
     80   * Ted Faber, Research Computer Scientist
     81   * Tom Lehman, Research Computer Scientist
     83 * Individuals contributing to the project with outside support:
     84   * Jelena Mirkovic, ISI Research Computer Scientist
     85   * Mike Ryan, ISI Systems Programmer
     86   * Jay Jacobs, Cobham Systems Programmer
     87   * Brett Wilson, Cobham Systems Programmer
     88   * Bill Manning, Research Staff Member
     90 * International Collaborators
     91   * Prof. Suguru Yamaguchi, Graduate School of Information Science, Nara Institute of Science and Technology (NIAST)
     92   * Yoichi Shinoda, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST) and Horuriku Research Center, National Institute of Incormation and Communications Technology (NICT)
     93   * Prof. Tetsuo Wasano, Internet Research Center, Japan Advanced Institute of Science and Technology (JAIST)
     94   * Prof. Yuji Sekiya, University of Tokyo
     96== Publications ==
     98 Fedd 3.00 Documentation,, Ted Faber::
     99   This describes the use of the TIED federation software including installation, configuration, and plug-in design and operation.
     101== Collaborations ==
     103 * Utah Emulab group (Rob Ricci and staff) ‚Äì development and testing of the DETER Federation Architecture software and ProtoGENI debugging.
     104 * WAIL (Paul Barford and staff) ‚Äì development and testing of the DETER Federation Architecture software.
     105 * Cobham/SPARTA (Steve Schwab, Jay Jacobs) ‚Äì Development and prototyping of attribute based security models for federation. See discussion under Activities and Findings, above.
     106 * Cobham/SPARTA (Steve Schwab, Brett Wilson) ‚Äì Development of support for federated experiments within the SEER Experiment Control Environment.
     107 * DRAGON project at ISI-East, CENIC, Los Nettos. VLAN interconnection and debugging.
     108 * International collaborators, above