
Re: do component managers need to authenticate researchers?

by Hongwei Zhang

Agreed, if EVERY communication between researchers and aggregates has to go through the clearinghouse. If I understand it right, this choice may have significant implications on the expected large scale, global GENI infrastructure.

I think Jeff's suggestions should be a good candidate solution to the issue we are trying to address here, in the sense of not requiring a centralized solution while not requiring high-speed switches to deal with all the potentially complex interactions.

Hongwei


Aaron Falk wrote:
> Hongwei Zhang wrote:
>> Another implication (and potential challenge) of the alternative
>> approach is that the AM has to maintain the state of credentials.
>
> I don't think so. In my (perhaps simple) understanding, the
> **clearinghouse** maintains state of the credentials. In fact, I think
> that is the nut of the proposal. A researcher presents credentials to
> the CH, which validates them before forwarding the request to the AM.
> The AM trusts the CH to perform the validation.
>
>> This appears to be a more stateful approach compared with the original
>> one, and this may also have implications for the allowable time
>> interval between a researcher getting his resource-access-credential and
>> actually using the resource.
>
> Again, I don't think so. As soon as the researcher gains access to the
> clearinghouse (an 'account'), the CH can validate him.
>
> --aaron

_______________________________________________
control-wg mailing list
control-wg@...
http://lists.geni.net/mailman/listinfo/control-wg
