AAAuthreach Project Information Page

AAAuthreach Project Information Page

In support of the Generic AAA Authorisation Framework and GAAA Toolkit (GAAA-TK) development - Related technologies and components

Check also recent research papers.

SAML and XACML for Authorisation: Attribute profiles, Credentials Validation Services, Obligations handling, Authorisation session management with Authorisation tickets and tokens

XACML Authorisation Interoperability profile for Network Resource Provisioning (XACML-NRP profile). Phosphorus technical document - See below.
- Presentation at NML-WG, OGF23, 2 June 2008, Barcelona
- Implementation in the GAAA-TK library for Phosphorus project. (see below)
Associated project - "An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids (XACML-Grid profile)". (Joint project by EGEE, OSG, Globus) Version 1.0, May 16, 2008.(EGEE link) (Local copy).
- Supplementary test policies - Obligations support scenarios
- Presentation at OGSA-AUTHZ WG, OGF23, 2 June 2008, Barcelona
SAML-XACML Authorisation Interface and XACML Obligations Handling. - Work in progress. - Draft version 0.3, April 2 9, 2008 - Published in USENIX2008 MGC Workshop paper
Using SAML and XACML for Authorisation assertions and messaging: SAML and XACML standards overview and usage examples.- Work in progress. - Draft version 0.2. - March 28, 2005.
XACML Policy Examples and policy generation tools

Supplementary test policies Obligations support scenarios
Simple RBAC based XACML Policy - Example 1, Example 2, Example 3

Related OGF recommendations GFD.156 - GFD.159 - See below

Security Infrastructure for Complex/Network Resource Provisioning (NRP/CRP) - Research and Development
(link to technical papers and project reports)

GEYSERS Project: Security Architecture for On-Demand Infrastructure Services Provisioning, Project report 2013
- Project Deliverable D4.2 Multicloud Security, 2016
Phosphorus Project Deliverable D4.5 "Updated GAAA Toolkit library for ONRP (March 30, 2009)
This deliverable describes GAAA-TK library implementtaion for Network Resource Provisioning that support XACML-NRP policy profile, signalling and extended Authoirsation sesssion management with AuthZ tickets and tokens.
Phosphorus Project Deliverable D4.3.1 "GAAA toolkit pluggable components and XACML policy profile for ONRP" (July 2009)
Phosphorus Project Deliverable D4.1 "AAA Architectures for multi-domain optical networking scenario's". (September 30, 2007)
This deliverable describes the result of the development of the AAA Authorisation infrastructure for multidomain Optical Network Resources Provisioning (ONRP).
Filling the Gap with GAAA-P: Gap Analysis of Authorisation technologies and solutions for Optical Light Path Provisioning, By Yuri Demchenko, Bas van Oudenaarde, Leon Gommans. - Technical report, RoN GP-NG (September 2006). (Local copy)
Using AuthZ/AuthN tickets and tokens for Access Control system performance optimisation:
Authorisation and Policy Enforcement in Open Collaborative Environment (OCE) - Design document. - Collaboratory.nl Project Technical document (Historical, 2005). - Draft version 0.2.

Test implementation in Java - Aaauthreach project

AAAuthreach.org project - Recent snapshot aaauthreach20090428.zip (README-gaaa-tk-lib.)
Note: Can be directly installed into Eclipse or imported into other Java IDE (required libraries lib-aaauthreach.zip)
GAAA-TK pluggable library - supports download/lib-aaauthreach.zip
- GAAA-TK library version 0.9 (WP4-aaaa bundle - contains gaaa-tk-lib-v*.jar file, supporting directories, test classes, and external libraries)
Token Validation Service (TVS) to support Token Based Networking. - Note: Currently TVS is a part of the GAAA-TK library and AAAuthreach.org project (Historical - October 2007)

XML Signature and XML Encryption

Providing Integrity and Confidentiality with the XML Security: XML Digital Signature and XML Encryption overview and usage examples.- Work in progress. - Draft version 0.1. - January 13, 2005.

Technology tests
- XML Signature and XML Encryption test implementation in Java as component of the AAAuthreach package
  - Check IODEF XML Signature and Encryption page
  - READMExmlsec file

Related OGF Recommendations

GFD.159 Use of XACML Request Context to Obtain an Authorisation Decision, by D. Chadwick, L. Su, R. Laborde, OGF Recommendation, Nov 2009
GFD.158 Use of SAML to retrieve Authorization Credentials, by V. Venturi, T. Scavo, D. Chadwick, OGF Recommendation, Nov 2009
GFD.157 Use of WS-TRUST and SAML to access a Credential Validation Service, by D. Chadwick, L. Su, OGF Recommendation, Nov 2009
GFD.156 Functional Components of Grid Service Provider Authorisation Service Middleware, by D. Chadwick, OGF Recommendation, Oct 2009

Maintainer: Yuri Demchenko