Version 1 (modified by prateek, 7 years ago)

--

A sample ABAC scenario

We have the following actors as part of our implementation.

  • GOC: GENI's trust root
  • IdP1: Identity Provider
  • ProjAuth1: Project Authority
  • SliceAuth1: Slice Authority
  • OrcaAM1: Orca Aggregate Manager
  • Alice: PI
  • Bob: Experimenter

We assume that the working directory contains the ABAC Tools jar and that each entity's key pair is available under a directory named credentials. The private key and certificate files are expected to be named <Entity Name>_private.pem and <Entity Name>_cert.pem, respectively.

GOC

GOC endorses each coordinator according to its specific function. Credentials, once generated, are uploaded to POD. Each uploaded credential is associated with its uploader, which in this case is the GOC, and with the subject's public key identifier.

GOC.GeniIdP <- IdP1
GOC.GeniPA <- ProjAuth1
GOC.GeniSA <- SliceAuth1

# GOC.GeniIdP <- IdP1
java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/GOC_private.pem --issuercert credentials/GOC_cert.pem --role GeniIdP \
  --subjectcert credentials/IdP1_cert.pem --scope `java -cp AbacTools.jar util.GetPublicKeySha1Hash credentials/IdP1_cert.pem`

# GOC.GeniPA <- ProjAuth1
java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/GOC_private.pem --issuercert credentials/GOC_cert.pem --role GeniPA \
  --subjectcert credentials/ProjAuth1_cert.pem --scope `java -cp AbacTools.jar util.GetPublicKeySha1Hash credentials/ProjAuth1_cert.pem`

# GOC.GeniSA <- SliceAuth1
java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/GOC_private.pem --issuercert credentials/GOC_cert.pem --role GeniSA \
  --subjectcert credentials/SliceAuth1_cert.pem --scope `java -cp AbacTools.jar util.GetPublicKeySha1Hash credentials/SliceAuth1_cert.pem`
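
The following pre-flight check is an added example, not part of the ABAC Tools or of the original page. It verifies the credentials directory layout described above before any endorsement is issued and prints the three GOC commands as a dry run. The function names, the CRED_DIR and JAR variables, and the requirement that the issuer's private key be accessible to its owner only are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the naming convention <Entity>_private.pem /
# <Entity>_cert.pem, then print (not run) the CreddyPod commands.
# CRED_DIR, JAR and all function names are assumptions of this example.
CRED_DIR="${CRED_DIR:-credentials}"
JAR="${JAR:-AbacTools.jar}"

# check_entity NAME [private]
# Requires <NAME>_cert.pem; with "private" also requires <NAME>_private.pem
# with no group/other permission bits set (assumed hardening, not from the page).
check_entity() {
    name=$1
    cert="$CRED_DIR/${name}_cert.pem"
    [ -r "$cert" ] || { echo "missing certificate: $cert" >&2; return 1; }
    [ "${2:-}" = private ] || return 0
    key="$CRED_DIR/${name}_private.pem"
    [ -r "$key" ] || { echo "missing private key: $key" >&2; return 1; }
    mode=$(ls -lL "$key" | cut -c5-10)      # group+other bits of the mode string
    [ "$mode" = "------" ] || { echo "$key is accessible to group/others" >&2; return 1; }
}

# endorse_cmd ISSUER ROLE SUBJECT
# Prints the command that would create ISSUER.ROLE <- SUBJECT, using only
# the options that appear in the commands on this page.
endorse_cmd() {
    issuer=$1 role=$2 subject=$3
    check_entity "$issuer" private || return 1
    check_entity "$subject" || return 1
    subj_cert="$CRED_DIR/${subject}_cert.pem"
    printf 'java -cp %s util.CreddyPod --issuerkey %s --issuercert %s --role %s --subjectcert %s --scope `java -cp %s util.GetPublicKeySha1Hash %s`\n' \
        "$JAR" "$CRED_DIR/${issuer}_private.pem" "$CRED_DIR/${issuer}_cert.pem" \
        "$role" "$subj_cert" "$JAR" "$subj_cert"
}

# goc_endorsements: the three role assignments listed in the GOC section.
goc_endorsements() {
    while read -r role subject; do
        endorse_cmd GOC "$role" "$subject" || return 1
    done <<EOF
GeniIdP IdP1
GeniPA ProjAuth1
GeniSA SliceAuth1
EOF
}

# Dry run from the working directory: sh goc_preflight.sh run
if [ "${1:-}" = run ]; then goc_endorsements; fi
```

The script stops at the first missing file or over-permissive private key, so no partial set of credentials is printed for upload.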