Access Control for Federation of Emulab-Based Network Testbeds

This paper describes a resource access control system for federation of Emulab-based testbeds within the DETER federation architecture. The system is based on three levels of principals and uses generalizations of the Emulab project system to assign access rights. A prototype implementation is described. This paper lays out a model for granting experimenters controlled access to multiple Emulab [White02]-based testbeds in order to establish federated experiments, and describes a prototype. The model generalizes the single-emulab resource access mechanisms to a federated environment. Access decisions are based on the identity of the requesting experimenter as well as projects or testbeds associated with that experimenter. The prototype uses several extensible technologies and is in use federating experiments.