1 / 5

SFA and ABAC

SFA and ABAC. Andy Bavier, David Cheperdak , Rick McGeer. Key Points. Prototype of ABAC – SFA integration Working to incorporate into SFA mainline Plan to deploy on GENICloud OK to support it on PlanetLab Wait for admin, user tool support Not pushing for this. ABAC – SFA Integration.

talon-spencer
Télécharger la présentation

SFA and ABAC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SFA and ABAC Andy Bavier, David Cheperdak, Rick McGeer

  2. Key Points • Prototype of ABAC – SFA integration • Working to incorporate into SFA mainline • Plan to deploy on GENICloud • OK to support it on PlanetLab • Wait for admin, user tool support • Not pushing for this

  3. ABAC – SFA Integration • Work by David Cheperdak at UVic • Potential benefits • Easy to set up federation with other aggregates • Specify fine-grained access policies • Separate policy and mechanism in SFA impl. • Auditing of policy decisions • On track to include ABAC as an experimental feature in a future SFA release

  4. ABAC on GENICloud • History of GENICloud: • V1: Eucalyptus • V1.5: PlanetLab • V2: Rebuilding GENICloud using OpenStack • PlanetLab tools to manage physical nodes • OpenStack to manage virtualization • SFA to expose virtual resources • Plan: • Currently down, back up by April 15 • Accept ABAC credentials • Continue to accept “legacy” credentials

  5. ABAC on PlanetLab • We have really simple policies • Not clear that there is a strong case for ABAC • Practical ramifications of a switch unclear • Still trying to understand David’s prototype • Tentatively OK with supporting ABAC if: • Adopted by the GENI community • Good admin tools support for configuring • Good user tools for handling credentials

More Related