Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015.

Published byMark Andrews Modified over 9 years ago

Similar presentations

Presentation on theme: "Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015."— Presentation transcript:

1 Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015

2 Basics of GENI Federation Partitioned trust All identities and assertions verified cryptographically No federation member can forge credentials for other members Separate Authentication and Authorization Authentication: “Who is this user?” (Member Authority) Authorization: “Why are they allowed to use the facility?” (Slice Authority) Use untrusted tools as much as possible Eg. multiple portals “Speaks-for” for accountability Federation established by a trusted third party (Clearinghouse) Anyone can join more than one federation As simple as adding and removing root certificates

3 Successes in GENI Federation 142 aggregates federated Moderately heterogeneous Clusters Wireless Backbone networks Existing testbeds Includes international resources Reasonably broad and consistent tool support Adding a new federate is easy (from a clearinghouse standpoint) Decentralized model / autonomous facilities Model is used for multiple testbeds / federations Multiple overlapping federations

4 Contributing Factors Limited number of implementations Can use personal communication, not precise specs Limited number of resource owners -> common purpose Mostly moving in the same direction Limited heterogeneity Would be hard to find what you want, but most of it is similar Not much policy diversity Don’t have to explain differences to users, tools Frequent meetings Close communications, forcing functions

5 Scaling to an International Effort More implementations Heavier reliance on specifications and tests More resource owners Every owner needs an incentive to federate More heterogeneous Ability to search More policy diversity We are going to have to talk more about how to expose this to users More loosely coupled development More reliance on online collaboration, less on face-to-face meetings

6 Rob’s Thoughts

7 Infrastructure doesn’t federate, people federate Give people-organization features priority from the beginning

8 Build loose, rather than strict, federations Federation structures between people are complex and vary a lot

9 – Clarke’s Third Law “Any sufficiently advanced technology is indistinguishable from magic.” –Ricci’s Addendum to Clarke’s Third Law “… but any sufficiently advanced federation is still distinguishable from a single facility.”

10 Users want to do research or take classes, not learn about infrastructure Smooth over the differences you can, expose those that you can’t directly

11 –Clarke’s Second Law “The only way of discovering the limits of the possible is to venture a little way past them into the impossible.” Enable people to use the infrastructure for things you didn’t think you designed it for, without asking your permission.

12 –Clarke’s First Law “When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.”

13 Federate early and often

Download ppt "Federation Strategy Robert Ricci GENI-FIRE Workshop September 2015."

Similar presentations

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
The Future of Technology Presentation of the 2003 IEEE Fellows Technology Survey Prof. R. Struzak School on Radio Use for Information.

The Future of Technology Presentation of the 2003 IEEE Fellows Technology Survey Prof. R. Struzak School on Radio Use for Information.
Sponsored by the National Science Foundation 1 Activities this trimester 0.5 revision of Operational Security Plan Independently (from GPO) developing.

Sponsored by the National Science Foundation 1 Activities this trimester 0.5 revision of Operational Security Plan Independently (from GPO) developing.
The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.

The Changing Role of the Technologist as Higher Ed Embraces the Cloud Michele Decker, University of Notre Dame Jacob Farmer, Indiana University Derek D.
CERN August 2011CERN Teacher Programmes1 CERN Teacher Programmes Inspiring the next generation of scientists Mick Storr Head CERN Teacher Programmes and.

CERN August 2011CERN Teacher Programmes1 CERN Teacher Programmes Inspiring the next generation of scientists Mick Storr Head CERN Teacher Programmes and.
CERN October 2014CERN Teacher Programmes1 CERN Teacher Programmes Inspiring the next generation of scientists Mick Storr CERN, JINR Dubna, and University.

CERN October 2014CERN Teacher Programmes1 CERN Teacher Programmes Inspiring the next generation of scientists Mick Storr CERN, JINR Dubna, and University.
HOPE August 20141 CERN Inspiring the next generation of scientists Mick Storr CERN and University of Birmingham.

HOPE August CERN Inspiring the next generation of scientists Mick Storr CERN and University of Birmingham.
Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.

Sponsored by the National Science Foundation Campus Policies for the GENI Clearinghouse and Portal Sarah Edwards, GPO March 20, 2013.
1 Disruptive Technology … an innovation that helps create a new market and value network, and eventually goes on to disrupt an existing market and value.

1 Disruptive Technology … an innovation that helps create a new market and value network, and eventually goes on to disrupt an existing market and value.
Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.

Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.

Emulab Federation Preliminary Design Robert Ricci with Jay Lepreau, Leigh Stoller, Mike Hibler University of Utah USC/ISI Federation Workshop December.
1 Governance in Identity Management Federations Clair Goldsmith, Ph.D. The University of Texas System Administration.

1 Governance in Identity Management Federations Clair Goldsmith, Ph.D. The University of Texas System Administration.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Overview of Security Research in Ad Hoc Networks Melanie Agnew John Folkerts Cory Virok.

Overview of Security Research in Ad Hoc Networks Melanie Agnew John Folkerts Cory Virok.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Gary Brown, Senior Systems Developer, Portal Development Team Identity Management Toolkit a JISC sponsored project.

Gary Brown, Senior Systems Developer, Portal Development Team Identity Management Toolkit a JISC sponsored project.

Similar presentations

Ads by Google