Slice-based Federation Architecture (SFA) provides a minimal interface to enable the federation of testbeds with different technologies and belonging to different administrators, while granting the control of the resources to their owners. This allows researchers to combine resources available in different testbeds, increasing the scale and diversity of their experiments.
SFA is based on a set of high-level concepts that define the actors and the resources that interact on the testbed, as well as defining an architecture with its interfaces and main datatypes to facilitate the federation of testbeds.
On SFA, principals refers to the actors present on the architecture. SFA considers three principals:
On the other hand, the CONFINE data model defines users and groups. CONFINE's users are equivalent to the users in SFA, whereas for the authorities, CONFINE does not distinguish between management and slice authority: the authority of a slice will be the group related to it, while the management authority of a component will be the group related to it.
In this case, CONFINE is centrally managed by the controller, so both the management authority and the slice authority are implemented by the controller.
The resources managed on a testbed are not only the physical substrate, but also the share of resources assigned to a researcher, which usually correspond to virtualized versions of the former substrate. SFA abstracts those resources in:
The software modules that manage those components are the aggregate manager for the components (or component manager if it manages a single component) and the slice manager for slices and slivers.
The case in CONFINE is pretty similar, we have slivers and slices, where slices have an equivalent set of states: register, deploy and start, and the only components that CONFINE considers are research devices (nodes). Regarding the management, it is all done in a centralized way by the controller.
SFA defines the interaction between actors and resources by means of a set of APIs, however, before getting into detail, some datatypes need to be explained, to understand them. The main datatypes in SFA are:
CONFINE leasing of resources does not work as a ticket system, so it lacks both the ticket and credential datatypes. However, SFA tickets in CONFINE may be handled as temporary allocations of resources with a lifetime limited to that of the associated GID.
The interaction of all these components is shown in the picture below (SVG source):
The Community-Lab testbed provides a SFA interface for federation with other testbeds. The SFA-compliant interface is provided by a wrapper implemented on top of the REST API, and it can be used to interact with the testbed in a federation scenario.