[Nsi-wg] Fwd: NSI and ABAC

Chin Guok chin at es.net
Wed May 14 10:18:04 EDT 2014 

Hi all,

Sorry for not forwarding on sooner.  This is the AuthZ model that GENI is
using.  It might be interesting to see if this is applicable  to any folks
here.

- Chin

---------- Forwarded message ----------
From: Stephen Schwab <schwab at isi.edu>
Date: Mon, May 5, 2014 at 5:24 PM
Subject: Re: NSI and ABAC
To: Chin Guok <chin at es.net>, faber at isi.edu
Cc: Tom Lehman <tlehman at umd.edu>, Tomohiro Kudoh <t.kudoh at aist.go.jp>, Guy
Roberts <Guy.Roberts at dante.net>, John MacAuley <macauley at es.net>


Chin, others —
Let me also introduce Ted Faber <faber at isi.edu>, who has lead much of the
implementation and integration work using ABAC within the DETER and
GENI-sponsored “TIED” project.

http://abac.deterlab.net is our wiki. From there, you can find links to
some introductory material under the GENI TIED project page, as well as
pointers to the latest software release.

There are many slides and papers on ABAC, going back to the work of Li,
Mitchell and Will Winsborough. Basically, Will Winsborough was working in
my lab at McAfee Research (later sold to SPARTA), when he collaborated with
Li and Mitchell at Stanford on a DARPA project that defined and implemented
the formal authorization semantics in the first ABAC prototype. The TIED
project later re-wrote that prototype into a stand-alone library with
bindings in C, Java, Python and Perl.

Jeff Chase at Duke, another collaborator on this thrust of work, wrote up a
nice summary note that might be an excellent starting point. We can bury
you in paper all too easily, and I don’t want to do that. ABAC is a really
simple idea, translated into working software, that can be a great starting
point for many distributed authorization systems. We’d like to pursue its
use across several of the emerging nationally funded research network
infrastructures.

—Steve

-- 
Chin Guok
NOC:  (510)
486-7600
Network Engineer
     (800)
333-7638
ESnet Network Engineering Group (AS293)
Lawrence Berkeley National Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ogf.org/pipermail/nsi-wg/attachments/20140514/b46a3ca8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: geni-abac.pdf
Type: application/pdf
Size: 200149 bytes
Desc: not available
URL: <http://www.ogf.org/pipermail/nsi-wg/attachments/20140514/b46a3ca8/attachment-0001.pdf>

More information about the nsi-wg mailing list