Identity Management in Future Internet Testbeds Based on Academic A&A Federations
Abstract
With current advances in the construction of experimentation environments (testbeds) for the Future Internet (FI), a new challenge arises: identity management in a globally distributed environment. In this context, it is necessary to understand the local and federated models of identity management in order to integrate testbeds. This paper presents the design and implementation of a credential translation module whose objective is to enable a user of the Federated Academic Community (CAFe) or of a federated LDAP tree to access the testbed federation and also to delegate his/her credentials, aiming to increase security. The proposal generates X.509 certificates and other standard credentials used in the testbed federation, as defined in SFA, based on user attributes obtained from CAFe. The proposed model supports the integration of testbed federations and academic federations. The developed module also allows attribute-based access control, denying or allowing user access according to his/her attributes obtained from CAFe or a federated LDAP. The study was conducted using a real experimental laboratory (LabGId), which provides mirrors of the CAFe federation and of the MySlice platforms.
