sfa and abac n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
SFA and ABAC PowerPoint Presentation
Download Presentation
SFA and ABAC

Loading in 2 Seconds...

play fullscreen
1 / 5

SFA and ABAC - PowerPoint PPT Presentation


  • 106 Views
  • Uploaded on

SFA and ABAC. Andy Bavier, David Cheperdak , Rick McGeer. Key Points. Prototype of ABAC – SFA integration Working to incorporate into SFA mainline Plan to deploy on GENICloud OK to support it on PlanetLab Wait for admin, user tool support Not pushing for this. ABAC – SFA Integration.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SFA and ABAC' - talon-spencer


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
sfa and abac

SFA and ABAC

Andy Bavier, David Cheperdak, Rick McGeer

key points
Key Points
  • Prototype of ABAC – SFA integration
    • Working to incorporate into SFA mainline
  • Plan to deploy on GENICloud
  • OK to support it on PlanetLab
    • Wait for admin, user tool support
    • Not pushing for this
abac sfa integration
ABAC – SFA Integration
  • Work by David Cheperdak at UVic
  • Potential benefits
    • Easy to set up federation with other aggregates
    • Specify fine-grained access policies
    • Separate policy and mechanism in SFA impl.
    • Auditing of policy decisions
  • On track to include ABAC as an experimental feature in a future SFA release
abac on genicloud
ABAC on GENICloud
  • History of GENICloud:
    • V1: Eucalyptus
    • V1.5: PlanetLab
  • V2: Rebuilding GENICloud using OpenStack
    • PlanetLab tools to manage physical nodes
    • OpenStack to manage virtualization
    • SFA to expose virtual resources
  • Plan:
    • Currently down, back up by April 15
    • Accept ABAC credentials
    • Continue to accept “legacy” credentials
abac on planetlab
ABAC on PlanetLab
  • We have really simple policies
    • Not clear that there is a strong case for ABAC
  • Practical ramifications of a switch unclear
    • Still trying to understand David’s prototype
  • Tentatively OK with supporting ABAC if:
    • Adopted by the GENI community
    • Good admin tools support for configuring
    • Good user tools for handling credentials