Credential translations in Future Internet testbeds federation

With current advances in the deployment of testbeds for the Future Internet (FI), a new challenge arises: identity management in a globally distributed environment. In this context, integrating testbeds requires an understanding of both local and federated models of identity management. This paper presents the design and implementation of a credential translation module that enables a user of an academic authentication and authorization (A&A) federation, such as CAFe (the Brazilian Federated Academic Community), to access the FI testbed federation. The proposed model supports the integration of testbed federations and academic federations. The module generates X.509 certificates and other standard credentials used in the testbed federation, following the SFA standard, based on user attributes obtained from the A&A federation (CAFe). The module also enables attribute-based access control, allowing or denying a user access according to his/her attributes obtained from CAFe. A further contribution is a set of facilities that let the user delegate his/her SFA credential to an experimenter control interface. The study was conducted in a real experimentation laboratory (GIDLab), in which mirrors of the CAFe federation and of the MySlice platform were set up to allow the security features of our scheme to be compared with those of other proposals.
