Version 2 (modified 14 years ago)
ABAC access control for Fedd
The ABAC access control system, developed at Stanford and realized by a group at Trusted Information Systems that later moved to SPARTA, is a formal, flexible, scalable access control system based on the formal derivation of user attributes that are attested by other trusted users. We have been planning to integrate it into fedd for some time. We have recently implemented ABAC as a portable library, and that implementation has now been integrated into fedd. Under our associated TIED project, we have completed a similar integration with GENI's reference aggregate manager, part of their developing GENI API.
This page describes the use of ABAC with fedd, concentrating on using the transition tools to create initial ABAC credential stores from which to run fedd. In order to get the most from this page, you should be familiar with
- The ABAC model as it is used by DETER.
- There is a worked example that can be helpful here
- The existing fedd access databases
Storing Credentials
Users and servers (fedd instances) now both have credential stores to maintain. When ABAC credentials are used to enforce the same kinds of access control as the existing three-names database, neither users nor servers will see much change; credentials will be managed transparently.
By default a user will maintain a credential store in a directory named .abac.
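To make the "formal derivation of attributes attested by other users" concrete, here is an added example (not fedd or libabac code) of a small forward-chaining derivation over RT0-style credentials; the three credential forms are an assumption about the model, and the principals and attribute names (fedd, deter, geni, alice, bob, mallory) are constructed.

```python
from collections import defaultdict

# Each credential is issued (attested) by the principal on its left-hand side.
# Assumed RT0-style forms:
#   ("simple", A, r, B)       A.r <- B        B holds attribute A.r
#   ("role",   A, r, B, r1)   A.r <- B.r1     every holder of B.r1 holds A.r
#   ("linked", A, r, r1, r2)  A.r <- A.r1.r2  every holder of X.r2, for X in A.r1

# Constructed credential store: a fedd server admits DETER users directly and
# members of any partner federant it names; mallory only holds geni.guest.
CREDS = [
    ("simple", "deter", "user", "alice"),
    ("role", "fedd", "access", "deter", "user"),
    ("simple", "fedd", "partner", "geni"),
    ("simple", "geni", "member", "bob"),
    ("simple", "geni", "guest", "mallory"),
    ("linked", "fedd", "access", "partner", "member"),
]


def derive(creds):
    """Compute, for every attribute (A, r) mentioned, the set of principals that
    can be proven to hold it, by forward-chaining to a fixed point."""
    holders = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for cred in creds:
            kind, a, r = cred[0], cred[1], cred[2]
            if kind == "simple":
                new = {cred[3]}
            elif kind == "role":
                new = set(holders[(cred[3], cred[4])])
            elif kind == "linked":
                new = set()
                for x in list(holders[(a, cred[3])]):
                    new |= holders[(x, cred[4])]
            else:
                raise ValueError("unknown credential kind: %r" % kind)
            if not new <= holders[(a, r)]:
                holders[(a, r)] |= new
                changed = True
    return {k: frozenset(v) for k, v in holders.items()}


def has_attribute(creds, principal, attr, who):
    """True if 'who' can be derived to hold principal.attr from creds."""
    return who in derive(creds).get((principal, attr), frozenset())
```

A server deciding access would call has_attribute with its own name and access attribute; anything not derivable from the attested chain is denied.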