
Version 2 (modified by faber, 13 years ago)


ABAC access control for Fedd

The ABAC access control system, developed at Stanford and realized by a group in Trusted Information Systems that later moved to SPARTA, is a formal, flexible, scalable access control system based on formal derivation of user attributes, attested by other trusted users. We have been planning to integrate it into fedd for some time. We have recently implemented ABAC in a portable library and this implementation has been integrated into fedd. Under our associated TIED project, we have completed a similar integration with GENI's reference aggregate manager, part of their developing GENI API.

This page describes the use of ABAC with fedd, concentrating on using the transition tools to create initial ABAC credential stores from which to run fedd. In order to get the most from this page, you should be familiar with

Storing Credentials

Users and servers (fedd instances) now both have credential stores to maintain. When using ABAC credentials to enforce the same kinds of access control as three-names, neither users nor servers will see much change. Credentials will be managed transparently.

By default a user will maintain a credential store in a directory named .abac
