All members of the Control Framework WG,
The Control Framework WG met at GEC-3 on 10/29/08.
The overall agenda of GEC-3 can be found at:
http://www.geni.net/GEC3/GEC3-Agenda.pdf
All talks presented at GEC-3 can be found at:
http://groups.geni.net/geni/wiki/presentations
All Control Framework WG meeting presentations (plus related presentations)
can be found at:
http://groups.geni.net/geni/wiki/CFWGGEC3
DRAFT minutes of the Control Framework WG meeting are at
http://groups.geni.net/geni/attachment/wiki/CFWGGEC3/110508c%20%20GEC3_CntrlFrameWG_Minutes.pdf
and are attached below.
Please forward any changes or additions to me.
Please use this mailing list to continue discussions from the meeting, or to
start new threads. And, please encourage your colleagues to join the
mailing list!
Best wishes,
Harry
Harry E. Mussman
Sr. Systems Engineer - GENI Project Office
BBN Technologies
10 Moulton Street
Cambridge, MA 02138
(617) 873-4282 - Office
(781) 266-8479 - Mobile
(617) 873-4888 - Fax
hmussman@...
www.bbn.com
________________________________________________________________________
3rd GENI Engineering Conference
Control Framework Working Group Meeting Minutes
Prepared by Control Framework Systems Engineer:
Harry Mussman at GENI Project Office
hmussman@...,
November 5, 2008
________________________________________________
Content:
The agenda for the conference can be found at:
http://www.geni.net/GEC3/GEC3-Agenda.pdf
All slides from the conference can be found at:
http://groups.geni.net/geni/wiki/presentations
On the first day of the conference, there were six talks in plenary session
that introduced the GENI control framework, and summarized the five projects
implementing different control framework approaches for Spiral 1. Notes on
these talks are presented first.
Then, on the second day of the conference, the Control Framework WG met in
plenary session. It heard some additional Spiral 1 project talks, three
short lightning talks, the system engineering report, and had a period of
open discussion. Notes from this meeting conclude this report.
There were no action items identified in the WG meeting.
________________________________________________________________________
Plenary Session
Tuesday, October 28, 10am - 12:30pm.
Building 20 Auditorium, Hewlett Packard, Palo Alto, CA
For an audio recording of this session, go to: TBD
________________________________________________
Overview:
GENI Spiral 1 Control Frameworks
Speaker: GENI Engineering Architect: Aaron Falk at GENI Project Office
afalk@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/1%20-%20Tuesday%20-%202.%20%20GEC3%20Control%20Framework%20Context.ppt
Related document: GENI Spiral 1 Overview at:
http://www.geni.net/docs/GENIS1Ovrvw092908.pdf
This talk reviewed the GENI system decomposition, and particularly the
control framework; provided a summary of each of the five control frameworks
being implemented by Spiral 1 projects, and their associated clusters A-D;
and provided a quick summary of what all projects must do to develop,
integrate, test and demo the control structures needed in Spiral 1.
________________________________________________
Cluster D:
Open Resource Control Architecture, ORCA-BEN Cluster D
PIs: Ilia Baldine at Renaissance Computing Institute and Jeff Chase at Duke
University
Speaker: Jeff Chase at Duke University
chase@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/chase-clusterD-orcaben-control.pdf
This talk reviewed the use of ORCA in GENI as a control framework, and its
use by BEN and three other Spiral 1 projects.
________________________________________________
Cluster E:
Control, Measurement and Resource Management Framework for Heterogeneous
and Mobile Wireless Testbeds
PIs: Marco Gruteser and Ivan Seskar at WINLAB, and Max Ott and Thierry
Rakotoarivelo at NICTA
Speaker: Marco Gruteser at WINLAB
gruteser@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/GEC-ControlFramework-ProjectOverview_Gruteser_Oct08.pdf
This talk summarized the Control, Measurement and Resource Management
Framework designed for the ORBIT testbed, and its use as a GENI control
framework by the ORBIT project and by one other Spiral 1 project.
________________________________________________
Cluster B:
PI and speaker: Larry Pederson
llp@...
PlanetLab Based Control Framework for GENI
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/planetLab_geni.ppt
This talk summarized the PlanetLab-based GENI control framework, and its use
by seven other Spiral 1 projects. Initial code of reference designs is now
available.
________________________________________________
Cluster C:
PI and speaker: Rob Ricci
ricci@...
ProtoGENI Control Framework
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/protogeni_Ricci_gec3.pdf
This talk summarized the ProtoGENI control framework for GENI, based on
Emulab, and its use by four other Spiral 1 projects. The talk included a
live demonstration of setting up an experiment using this control framework.
________________________________________________
Cluster A:
PI and speaker: John Wroclawski at USC/ISI
jtw@...
Trial Integration Environment Built on DETER
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/TIED-GEC3.ppt
This talk presented this one project cluster, based on the DETER testbeds,
which were initially established to focus on security issues. This project
will concentrate on extending federation mechanisms in GENI.
________________________________________________________________________
Control Framework Working Group Breakout Session
Wednesday, October 29, 9am - 12noon.
Building 20 Auditorium, Hewlett Packard, Palo Alto, CA
For an audio recording of this session, go to: TBD
________________________________________________
1) WG Co-Chair: John Wroclawski at USC/ISI
jtw@...
Review of agenda
Introductions
Brief remarks on scope and goals of the Control Framework WG: See
WG website for more information:
http://www.geni.net/wg/control-wg.html
________________________________________________
2) Talks about Spiral 1 projects:
________________________________________________
a) Instrumentation and Measurement for GENI.
PIs: Paul Barford at University of Wisconsin-Madison, Mark Crovella at
Boston University and Joel Summers at Colgate University.
Speaker: Joel Summers at Colgate University
jsummers@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2a%20%20gec3.pdf
This project is part of the ProtoGENI control framework, Cluster C.
It will provide a measurement system, including a measurement service and
repository module plus measurement modules for inclusion in substrate
components.
Questions from the audience:
Q: What is the plan for binding data to an experiment, by adding metadata
and/or annotations, to avoid confusion later?
A: Expect to have automatically added metadata, plus user-defined metadata.
Q: What is the schema for metadata?
A: Not yet specified; expect experience from other projects to guide it.
Q: What about privacy policy to control dissemination of data?
A: Expect it to be affected by deployment location.
________________________________________________
b) Sensor Virtualization and Slivering in an Outdoor Wide-Area Wireless
GENI Sensor/Actuator Network Testbed.
PIs: Prashant Shenoy, Deepak Ganesan, Jim Kurose and Michael Zink at
University of Massachusetts Amherst.
Speaker: Michael Zink at University of Massachusetts Amherst.
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2b%20%20vise.ppt
This project is part of the ORCA control framework, Cluster D.
It will integrate the ORCA control framework into an existing and
widely-deployed outdoor, wide-area sensor/actuator network, including
virtualization of the sensor/actuator system.
(No questions from the audience)
________________________________________________
c) Digital Object Architecture.
PI and speaker: Larry Lannom at CNRI
llannom@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2c%20%20GEC3LWL.ppt
This project is focused on analyzing how the Digital Object Architecture
could be used to realize a GENI software repository, and also study whether
it could be used to realize a GENI clearinghouse registry. It is expected to
pick one of the control frameworks.
(No questions from the audience)
________________________________________________
d) "Mid-Atlantic Crossroads (MAX)".
PI is Peter O'Neil at University of Maryland / Mid-Atlantic Crossroads
poneil@...
First speaker: Peter O'Neil at University of Maryland / Mid-Atlantic
Crossroads
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2d_1%20102908-MidAtlanticCrossroads-Overview-POneil-CTracy.pdf
Second speaker: Jarda Flidr at University of Maryland / Mid-Atlantic
Crossroads.
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2d_2%20102908-MidAtlanticCrossroads-DRAGON-API-JFlidr.ppt
Third speaker: Chris Tracy at University of Maryland / Mid-Atlantic
Crossroads
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/2d_1%20102908-MidAtlanticCrossroads-Overview-POneil-CTracy.pdf
This project will provide access to an operational, regional,
multi-wavelength optical network, and this first talk provides an overview
of the MAX network, and its ability to provide Dynamic Resource Allocation
via GMPLS Optical Network (DRAGON). The second speaker described the DRAGON
API in detail. The third speaker described the key components and standards
used in DRAGON.
(No questions from the audience)
________________________________________________
4) Lightning talks and topics relevant to WG. (Invited by WG Chairs)
________________________________________________
a) Federated Identity and Shibboleth Concepts
Speaker: Rick Summerhill at Internet2
rrsum@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/4a%20%202008-10-28%20Federated%20Identity%20and%20Shibboleth.ppt
This talk summarized how Internet2 has utilized federated identity based on
Shibboleth software and SAML protocols. This approach
may be useful in the GENI environment to utilize existing identity
providers, i.e., those already established at research universities.
Questions from the audience:
Q: In the service chaining example, when resolving at the 2nd stage, what
ID do you use?
A: Use ID from the user, via a trust relationship.
________________________________________________
b) Beyond Federated Identity: Federated Access
Speaker: Marc Stiegler at HP Labs
marc.d.stiegler@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/4b%29%20%20faccm5min.ppt
This talk described an approach to streamlined federated access management
that can avoid the need to provide federated identity management, and its
use of a self-authorizing browser bookmark known as the web-key.
(No questions from the audience)
________________________________________________
3) CF System Engineering Report
Speaker: Harry Mussman at GENI Project Office
hmussman@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/3%20%20102908%20%20SE_Report_CntrlFrameWG_GEC3.ppt
Related DRAFT document: GENI Control Framework High-Level Design at
http://groups.geni.net/geni/attachment/wiki/GeniControlFrameworkArchitecture/102008_GENI-ARCH-CP-01.4.pdf
This talk provided an introduction to the role of the Control Framework WG
system engineer, and an overview of associated Spiral 1 projects.
GENI Spiral 1 Integration: Five Control Framework Clusters
Spiral 1 Projects
Five Spiral 1 projects are focused on control frameworks for
different clusters of projects:
1609 DETER (Cluster A)
1600 Planetlab (Cluster B)
1579 ProtoGENI (Cluster C)
1582 ORCA (Cluster D)
1660 ORBIT (Cluster E)
Four Spiral 1 projects are highly relevant to the CFs:
1621 GUSH tools
1622 Provisioning Service
1632 Security Architecture
1663 Digital Object Registry
CF is highest risk item for Spiral 1.
Having five CFs:
Will bring unique contributions to the table.
Prevents the loss of good ideas.
Will mitigate risks.
Expect consolidation over time, but no sudden death.
How do we:
Clearly describe each CF, with a common vocabulary?
Understand common choices, and differences?
Identify common issues, and get them resolved?
Work towards defining a final CF? (or possibly multiple CFs)
Next, the current effort to draft a Control Framework High-Level Design
document was summarized, including the common choices, current differences
and identified issues in the current control framework implementations.
Control Framework HLD DRAFT Document
Now ready for review by CF WG:
http://groups.geni.net/geni/attachment/wiki/GeniControlFrameworkArchitecture/102008_GENI-ARCH-CP-01.4.pdf
Intent:
Clearly describe each CF, with a common vocabulary.
Understand common choices, and differences.
Identify common issues.
A way towards defining a final CF-HLD, but a long way to go.
Approach:
Utilize a linear structure to decompose the CF-HLD.
Describe the CF-HLD as one design, focusing on common choices, but
noting differences.
Provide multiple worked examples for clarity.
Structure of document:
Start with system design overview to understand structure and
concepts. (Section 3)
List features and functions that must be included. (Section 4)
Present control framework structure, including entities, interfaces,
principals, services and objects. (Section 5)
Consider each interface, plus major concepts, and present examples
of usage that walks through key scenarios. (Sections 6-11)
Include sections to summarize five current control frameworks being
implemented for Spiral 1. (Sections 12-16)
Common CF-HLD Choices
Common to all current CF implementations.
Some exceptions?
Choice 1: Control interfaces include APIs that follow a web
services model, using SOAP and https (for a secure channel).
Plus separate interfaces for loading software, etc.
Choice 2: Principals (and services) have global identities.
Are identified and authenticated with certificates from a PKI
Choice 3: Authorization is handled with signed tokens
(certificates)
Passed from registry, to researcher, to aggregate, etc.
Based on an underlying trust management system.
Finally, the documents planned for the next year were reviewed.
Planned Control Framework Documents
Architecture:
CF Architecture, v1 DRAFT complete 10/17/08
CF Architecture, v2 DRAFT due 6/16/09
Subsystems:
Clearinghouse Subsystem Technical Description, v1 DRAFT due 2/15/09
Clearinghouse Subsystem Technical Description, v2 DRAFT due 7/16/09
Clearinghouse Subsystem Intfc Cntrl Doc, v1 DRAFT due 3/1/09
Clearinghouse Subsystem Intfc Cntrl Doc, v2 DRAFT due 8/1/09
(No questions from the audience)
________________________________________________
4) Lightning talks continued.
4c) Essential GENI
Speaker, and also Co-Chair of the WG: Larry Pederson at Princeton
llp@...
Slides:
http://groups.geni.net/geni/attachment/wiki/presentations/4c%29%20%20llp_simple.ppt
Related DRAFT document: Slice-Based Facility Architecture at
http://groups.geni.net/geni/attachment/wiki/GeniControlBr/v1.10%20%20080808%20%20sfa.pdf
This talk outlined an approach to using the Slice-Based Facility
Architecture for GENI control, including its use for an aggregate/component
manager and a user service. It listed three areas that are still hard
problems, and suggested approaches to solving them: resource
specifications, resource allocation and identity or access control.
Essential GENI
Less is More
Slice-based Facility Architecture (SFA)
if you encounter ambiguity, it doesn't matter
if you're sure it matters, read the code
If you are building a component or aggregate
ignore all matters security-related
focus on six simple operations
- CreateSlice, DeleteSlice, StartSlice, StopSlice
- ResetSlice, ListComponentResources
design your own rspec
- keep it low-level (design for the component, not the user)
- focus on activity that requires privilege
If you are building a user-level service
focus on the user
pick a platform, any platform (preferably one that has users)
Some Problems are Hard
Resource Specifications (rspecs)
keep it real
on-going synthesis (standardization-like activity)
permit multiple user-oriented variants
Resource Allocation
enable the market to decide
Identity or Access Control
enable the market to decide
influenced by policy considerations
________________________________________________
5) Discussion, including comments and questions from the audience:
Comment by Rob Ricci at University of Utah: The ProtoGENI project has an
Rspec that should be useful for GENI.
Comment by Rick McGeer at HP Labs: Regarding identity and access control,
we have no best practices. We should start with the requirements and work
towards a bakeoff.
Comment by ?: By saying identity and access control, we are making
assumptions. We should decouple identity from authorization and access
control.
Comment by Ted Faber at USC/ISI: Identity and access control are based on a
trust structure.
Comment by Rick McGeer at HP Labs: Writing best practices will clarify
solutions.
Comment by John Wroclawski at USC/ISI and Co-Chair of WG: We should have
different solutions for different circumstances and we should put
appropriate abstraction into the HLD.
Comment by Rick McGeer at HP Labs: The GRIP failed because its
authorization approach didn't work, and the fixes only made it worse.
Comment by ?: When working back up chain of trust, the last party is the
responsible party.
Comment by John Wroclawski at USC/ISI and Co-Chair of WG: We should
separate mechanisms and policies, and work to understand policies.
________________________________________________________________________