Fine Grained Authorization for GARA Automated Bandwidth Reservation

Fine Grained Authorization image This demonstration shows modifications to the Globus Toolkit General-purpose Architecture for Reservation and Allocation (GARA). Specifically, it shows (1) a fine-grained cross-domain authorization for GARA that leverages existing security and group services and (2) the elimination of the need for long-term Public Key credentials, currently required by the system. Also shown is a secure and convenient Web interface for making reservation requests based on Kerberos credentials.

GARA modifications are demonstrated by reserving bandwidth for a videoconference application running between sites with distinct security domains. Traffic generators overload the router interface servicing the video receiver, degrading the video quality when bandwidth is not reserved. Successful reservation occurs only when the reservation parameters are within policy bounds, and when the requestor is a member of the required groups. At reservation start time, the end-domain Cisco ingress routers are configured with the appropriate Committed Access Rate (CAR) limit, which marks the packets and polices the flow. The participating routers are statically configured with Weighted Random Early Detection (WRED), Cisco's implementation of the Random Early Detection class of congestion avoidance algorithms. The router configurations are removed at reservation end.

Acknowledgment: University of Michigan Department of Physics; University of Michigan College of Literature, Science, and the Arts; University of Michigan Center for Information Technology Integration (CITI); University of Michigan Office of the Vice President for Research; Merit; University Corporation for Advanced Internet Development (UCAID); European Organization for Nuclear Research (CERN); Argonne National Laboratory; The Globus Project; EU DataGrid; DataTAG.

William A. (Andy) Adamson, Shawn McKee, University of Michigan, USA
Olivier Martin, Daniel Davids, Martin Fluckiger, Jean-Philippe Martin-Flatin, CERN, Switzerland

William A. Adamson
University of Michigan, USA


web @ euro-link.org    Euro-Link Logo