|Components||testbed server, testbed node|
Users (researchers) should be securely authenticated and authorized so that only the proper users can perform the desired actions.
User permission management needs to support create, read, update and delete (CRUD) operations for authentication (tokens) and authorization (permissions).
These operations are strongly linked with the user management requirement, as identity could also relate to the identities on the community networks.
The identity of a user (id/auth-token) can be a simple uname/pass pair, a uname/key_pair pair, or even a fully qualified user id (e.g. an email address) with an auth token, which can even be federated (e.g. OpenID, OAuth).
We can borrow most of the terminology from PlanetLab if not suggested otherwise.
Researchers need a way to manage the attributes and permissions associated with their unique identity (and its relationship to resource slices).
Researchers are assumed to be registered on the central server beforehand with a unique id (e-mail?). The list of high-level management functions they can perform through the main web server interface would be (TODO: look closely at the SFA interface, but it is something like that):
Nodes might simply need to know the identities of the users allowed to access a specific sliver (or the “root” sliver by the admins) so there must be a way to keep that info up to date at each node involved.
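One way a node could keep its per-sliver access list current, as an added example (not CONFINE or PlanetLab code). The snapshot format, the version counter and all names are assumptions, and the snapshot is assumed to have been authenticated before it reaches this code.

```python
from dataclasses import dataclass, field

ROOT_SLIVER = "root"  # assumed id for the admin-only "root" sliver


@dataclass
class NodeAccessTable:
    """Per-node view of which user ids may access each sliver (hypothetical)."""
    version: int = 0
    allowed: dict = field(default_factory=dict)  # sliver id -> set of user ids

    def apply_snapshot(self, snapshot):
        """Replace local state with a server snapshot; return (granted, revoked)."""
        if snapshot["version"] <= self.version:
            # A stale or replayed snapshot could re-grant access already revoked.
            raise ValueError("stale snapshot rejected")
        new = {s: set(users) for s, users in snapshot["slivers"].items()}
        granted, revoked = set(), set()
        for sliver in set(new) | set(self.allowed):
            before = self.allowed.get(sliver, set())
            after = new.get(sliver, set())
            granted |= {(sliver, u) for u in after - before}
            revoked |= {(sliver, u) for u in before - after}
        self.allowed, self.version = new, snapshot["version"]
        return granted, revoked

    def may_access(self, user_id, sliver):
        # Default deny: unknown slivers and unknown users get no access.
        return user_id in self.allowed.get(sliver, set())


if __name__ == "__main__":
    # Constructed sample snapshots, as the testbed server might publish them.
    v1 = {"version": 1, "slivers": {
        ROOT_SLIVER: ["admin@example.org"],
        "slice1": ["alice@example.org", "bob@example.org"]}}
    v2 = {"version": 2, "slivers": {
        ROOT_SLIVER: ["admin@example.org"],
        "slice1": ["alice@example.org"]}}
    table = NodeAccessTable()
    for snap in (v1, v2):
        granted, revoked = table.apply_snapshot(snap)
        print(snap["version"], sorted(granted), sorted(revoked))
    print(table.may_access("bob@example.org", "slice1"))
```

The revoked pairs are what the node would act on first, for example by closing the affected sessions or removing the user's key from the sliver.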
Some users might be allowed extended operations on a node/sliver or on the server based on the level of access required by their experiment, on their skills or needs, on their special role in the testbed, or on the choice of a testbed manager.
(as in other requirements)
Find out the specific requirements in community networks, e.g. requiring researchers to abide by the specific community network agreement (e.g. pico-peering agreement, or achieving some kind of reputation level or a level of resource contribution) before being given a wider range of permissions (e.g. capture packet headers).
Confine is quite similar to PlanetLab but runs over a set of nodes inside community networks.