Advertisement

Abstract

Federating the numerous existing networking testbeds offers multiple possible benefits, but so far testbeds and federation efforts remained semi-independent, and not wholly united as a single federation. We identify several problems against federation, namely, establishing new trust relations and agreeing on a common schema between the entities. In this paper we explore practical ways to set up federations by making use of the existing organization to user, and inter-organizational trust relations. First we give an analysis of the existing testbeds and federations in terms of their trust models, and the set of technologies they use. Next, we argue for a design of a federation which leverages existing trust relationships. Our prototype implementation shows how readily this design can be implemented using a minimal set of schema and technologies being used by the existing testbeds and federations. Using our analysis we then show how this design can be expanded for larger scale federations, and give examples of possible future trust models.

Keywords

Trust Model Trust Relationship User Base Prototype Implementation Trust Relation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/
  2. 2.
    Basney, J., Humphrey, M., Welch, V.: The myproxy online credential repository. Softw Pract. Exper. 35(9), 801–816 (2005)CrossRefGoogle Scholar
  3. 3.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proceedings of the IEEE Symposium on Research in Security and Privacy Technical Committee on Security and Privacy, Oakland, CA, IEEE Computer Society Press (1996)Google Scholar
  4. 4.
    CILogon: Secure access to NSF CyberInfrastructure, http://www.cilogon.org
  5. 5.
    Fu, Y., Chase, J., Chun, B., Schwab, S., Vahdat, A.: SHARP: an architecture for secure resource peering. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), Bolton Landing, NY, USA, pp. 133–148. ACM (2003)Google Scholar
  6. 6.
    GENI: Global Environment for Network Innovations, http://www.geni.net
  7. 7.
    InCommon Federated Identity and Access Management, http://www.incommonfederation.org/
  8. 8.
    Jim, T.: SD3: A trust management system with certified evaluation. In: IEEE Symposium on Security and Privacy, pp. 106–115 (2001)Google Scholar
  9. 9.
    Li, N., Mitchell, J.C., Winsborough, W.H.: Design of a role-based trust-management framework. In: IEEE Symposium on Security and Privacy (SSP 2002), Washington, Brussels, Tokyo, pp. 114–130. IEEE (2002)Google Scholar
  10. 10.
    Liberty Trust Models Guidelines, http://www.oasis-open.org/
  11. 11.
    Open Science Grid: A national, distributed computing grid for data-intensive research, http://www.opensciencegrid.org/
  12. 12.
    OpenID Decentralized authentication protocol, http://openid.net
  13. 13.
    Peterson, L., Bavier, A., Fiuczynski, M., Muir, S.: Experiences Building PlanetLab. In: Proc. 7th OSDI, Seattle, WA (November 2006)Google Scholar
  14. 14.
    Peterson, L., Ricci, R., Falk, A., Chase, J.: Slice-Based Federation Architecture. In: Ad Hoc Design Document (July 2008)Google Scholar
  15. 15.
    ProtoGENI: Prototype implementation and deployment of GENI, http://www.protogeni.net/
  16. 16.
    Reeves, D.M., Grosof, B.N., Wellman, M.P., Chan, H.Y.: Toward a declarative language for negotiating executable contracts (June 23, 1999)Google Scholar
  17. 17.
    Security Assertion Markup Language (SAML) v2, http://www.oasis-open.org/specs/#samlv2.0
  18. 18.
    Shibboleth federated identity management system, http://shibboleth.internet2.edu/
  19. 19.
    Wallom, D., Spence, D., Tang, K., Meredith, D., Jensen, J., Trefethen, A.: A trefethen: Shibgrid, a shibboleth based access method to the national grid service (2007) (submitted to ahm)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  • Soner Sevinc
    • 1
  1. 1.Princeton UniversityUSA

Personalised recommendations