Activities update Generic AAA based provisioning

1
Activities update Generic AAA based
provisioning Of Network Elements WP2.3 /
WP4.2 CERN 25/11/03 Bas van Oudenaarde /
Leon Gommans University of Amsterdam
2

• Testbed
• Decided to use 1670s at CERN - solved cost
  issues
• Alcatel installation 1670s at CERN early
  december.
• Surfnet-CERN connection is being installed now.
• Dissemination
• - Demo SC2003 using Netherlight and Starlight in
  collaboration
• with EVL at UIC using Calient Photonic Cross
  connect.
• Two Scenarios PIN/PDC/AAA and full AAA.
• - Presented generic AAA toolkit at TERENA
  workshop
• TF-AACE in Malaga.
• Standards body
• document was discussed at GGF9.

25 Nov 2003 DataTAG meeting CERN
Leon Gommans
3

• Toolkit - projected functionality 31/3/2004 as
  deliverable
• A browser based tool to generate a AAA request
  using OGSI. v
• OGSI based front end to the RBE to receive AAA
  request messages
• and use GSI based authentication. v
• Tool to create, edit, store and deploy a policy
  in a MySQL database. v
• The Rules Based Engine to execute a simple
  if/then/else policy. v
• An ASM framework to drive a TL1 style network
  device (Calient). v
• An ASM framework to drive an SNMP style network
  device (Enterasys). v
• An ASM framework to handle ASCII ISN I/F
  messages (Alcatel NMS).
• An ASM that interacts with a simple terminal
  window.
• An ASM to generate a AAA request to another RBE
  in different domain. v
• An ASM to check the authenticity of a VOMS
  pseudo-certificate.
• An ASM that uses GARA as resource manager for
  advance reservation.

4
Alcatel setup (CERN)
RBE
ASM
Policy Database
Alcatel 1353 SH Alcatel 1354 RM
NIKHEF - AMSTERDAM
SURFNET
CERN- GENEVA
IP network
ISO TMN network
1000SX
1000SX
1670 ADM
1670 ADM
1000SX
1000SX
25 Nov 2003 DataTAG meeting CERN
Leon Gommans
5
Collaborative Multi-domain experiment at SC2003
PIN DOES ROUTE DETERMINATION BASED ON SOURCE
ROUTING
PIN
PIN
PHOTONIC INTERDOMAIN NEGOTIATOR
PDC
ASM
AuthZ
RBE
ASM
Resource Mgr
Policy Database
ASM
PHOTONIC DOMAIN CONTROLLER
PHOTONIC POLICY BASED ACCESS CONTROLLER
PIN AND PDC ARE DEVELOPMENTS FROM EVL
Calient PXC
Calient PXC
PC
PC
PC
PC
25 Nov 2003 TERENA TF-AACE
Leon Gommans
6
AAA based Multi-domain experiment at SC2003
OGSI WS I/F
ASM
AuthZ
RBE
ASM
ASM
Resource Mgr
Policy Database
ASM
RBE
RBE
Policy Database
Policy Database
ASM
ASM
OGSI Client I/F
PC
Calient PXC
Calient PXC
PC
PC
PC
25 Nov 2003 TERENA TF-AACE
Leon Gommans
7

• Deliverable WP4
• Task 4.2 Networked resource access policy,
  authorization and security (month 1-24)
• Collaborations will rely on computing resources
  managed with different security systems and
  policies. The aim of this task is
• to identify the major problems and to find
  inter-Grid level mechanisms capable to
  interoperate with the domain specific
• authentication, authorization and management
  rules and procedure. The Community Authorization
  Service model
• will be examined in the context of the US and EU
  Grid domains.
• Deliverables
• D4.3 (prototype) months 24 components and
  documentation for the final project release
• D4.4 (prototype) months 24 Trans-Atlantic Grid
  enabled applications and documentation.

8
WP4.2 / 2.3 Activities update Thank you
Leon Gommans lgommans_at_science.uva.nl
25 Nov 2003 DataTAG meeting CERN
Leon Gommans