August 2011 - Nsi-wg - lists.ogf.org

Question about message attrbutes..
by Jerry Sobieski 09 Aug '11

09 Aug '11

John - this may be for you... In reviewing this issue on the RA/PA... I went looking at the UML doc Guy circulated as it is a bit easier to read than the raw WSDL... The messages all have the requesterNSAID and the providerNSAID fields, directly folowed by the "sessionSecurityID". This is the only field I see for security attributes. I thought our conclusion was that there would be two security layers: a NSA _/session/_ level authentication/authorization credentials, and a /_request_/ level authorization credential that would authorize the particular action requested relative to the resource or information context of the request. Does this sessionSecirity field do double duty authenticating the remote NSA *and* authorizing the particular service request? I trust the MTL to authenticate the messaging, as the NSI layer should never see messages from an unauthenticated NSA. But the NSI layer does need the authorization credentials in order to properly evaluate the primitive... The authorization of an NSI request is not an MTL function. So I am just a bit unsure how this field is planned to be used within the WSDL. Thoughts/Comments? Jerry

3 6

Tomorrow's NSI conf call
by Guy Roberts 09 Aug '11

09 Aug '11

Hi all, The following is dial-in information for Wednesday's NSI call, time: 7:00 PDT 10:00 EDT, 15:00 GMT, 16:00 CET, 24:00 JST 1. Dial Toll-Free Number: 866-740-1260 (U.S. & Canada) 2. International participants dial: Toll Number: 303-248-0285 Or International Toll-Free Number: http://www.readytalk.com/intl 3. Enter 7-digit access code 8937606, followed by "#" Agenda: NSI Plugfest preparation Guy _____________________________________________________________________ ** Guy Roberts, PhD Network Engineering & Planning * * Tel: +44 (0)1223 371300 * * City House Direct: +44 (0)1223 371316 * 126-130 Hills Road Fax: +44 (0)1223 371371 * Cambridge * CB2 1PQ E-mail: guy.roberts(a)dante.net<mailto:guy.roberts@dante.org.uk> D A N T E United Kingdom WWW: http://www.dante.net _____________________________________________________________________

1 0

Plugfest advice
by Jerry Sobieski 08 Aug '11

08 Aug '11

Hi all- With respect to the Plugfest, I need to define the authorization specifics we will use for all the requests. The Plugfest guide says we will only have one authorized credential: A "shaman" is a god - it can do anything/everything. My intent in the interop was simply to show that basic authorization *was* being performed in the proper places and consistently across al implementations: If the shaman credentials are presented, it should pass authorization. If any other credentials are presented, they should fail authorization. I didn't want to push the teams too hard on the particulars at this time, but perhaps this is easier than I think. We need to define the sessionSecurity field for the interop. John, or anybody else,... Any suggestions for a simple test auth field? Thanks Jerry

2 1

NSI plugfest
by Jerry Sobieski 08 Aug '11

08 Aug '11

Hi all- I need a point of contact for each NSI Development team participating in the Rio Plugfest. I need to begin coordinating the schedule - which means I need input from you all. Please send me directly the following: 1. Implementation Name: e.g. "OSCARS", "DRAC" etc. 2. Project manager for the development effort. name/email/mobile/skype. 3. Key software engineer name/email/mobile/skype. 4. Indicate which individuals will be in Rio in person to participate in the Plugfest. 5. Status - Please provide a brief status of your implementation. In particular, I am looking for status of key technical capabilities, when you expect to begin and/or complete them. Please review the Plugfest guide (attached) for guidance on what capabilities I am looking for progress. Also, if there are any obstacles, please note them - I may be able to help, or others may need to consider them as well. Lastly- please review the plugfest guide. This is what you will be demonstrating in 5 weeks! If this is not clear, too easy, or too ambitious, etc... we need to know. Thanks! Jerry

1 0

minutes from today's NSI call
by Guy Roberts 08 Aug '11

08 Aug '11

... are available here: http://forge.gridforum.org/sf/go/doc16307?nav=1 _____________________________________________________________________ ** Guy Roberts, PhD Network Engineering & Planning * * Tel: +44 (0)1223 371300 * * City House Direct: +44 (0)1223 371316 * 126-130 Hills Road Fax: +44 (0)1223 371371 * Cambridge * CB2 1PQ E-mail: guy.roberts(a)dante.net<mailto:guy.roberts@dante.org.uk> D A N T E United Kingdom WWW: http://www.dante.net _____________________________________________________________________

3 4

Interop testing
by Jerry Sobieski 02 Aug '11

02 Aug '11

Hi all- The GLIF NSI Interop Plugfest will be using existing servers for the tests. I.e. Since the NSAs will need to run in the wild anyway, there was little to be gained by moving them to laptops in Rio. So, at the recent OGF NSI meeting, we elected to allow implementation teams to host their NSAs on any server they chose - presumably their development servers at their home facilities. It has been brought to my attention that interoperability testing may be constrained by firewalls in the various networks. I am curious about this - is this a broad based problem that the NSAs will generally be behind firewalls and that block web services? (... Don't all of the web services run under the HTTP or HTTPS ports?) Please let me know your particular exposure to this issue. And since some of the implementations need to deal with this, I would ask that everyone send me the IP addresses that your NSAs will be using, and identify which ports the server will use. I will circulate this to the implementation teams. Note: For interop testing, you will be required to run multiple NSAs such that they are verifiably independent instances (such as would be the case for two independent domains using the same software package for their NSA.) One way to accomplish this would be to use separate hdw servers with separate IP addresses. Thus, you may want to identify several IP addresses that will or might host NSAs. Also, if you require firewall holes for remote access to reach your development facility from Rio, let me know and I will ask the hosts what CIDR blocks we'll be using. A detailed Interop plan with the Challenge details will be forthcoming in the next day or so for review and comment. (I simply need to comlplete some details on one of the last Challenge.) Thanks Jerry

1 0

tomorrow's NSI conf call
by Guy Roberts 02 Aug '11

02 Aug '11

Hi all, The following is dial-in information for Wednesday's NSI call, time: 7:00 PDT 10:00 EDT, 15:00 GMT, 16:00 CET, 24:00 JST 1. Dial Toll-Free Number: 866-740-1260 (U.S. & Canada) 2. International participants dial: Toll Number: 303-248-0285 Or International Toll-Free Number: http://www.readytalk.com/intl 3. Enter 7-digit access code 8937606, followed by "#" Agenda: Freezing the NSI WSDL and State Machine for plugfest prototyping. Guy _____________________________________________________________________ ** Guy Roberts, PhD Network Engineering & Planning * * Tel: +44 (0)1223 371300 * * City House Direct: +44 (0)1223 371316 * 126-130 Hills Road Fax: +44 (0)1223 371371 * Cambridge * CB2 1PQ E-mail: guy.roberts(a)dante.net<mailto:guy.roberts@dante.org.uk> D A N T E United Kingdom WWW: http://www.dante.net _____________________________________________________________________

1 1