Friday, October 15, 2004

Croquet and Signet

The Croquet team at the University of Wisconsin has just been invited to join the Internet2 MACE Signet Early Adopter program (see http://middleware.internet2.edu/signet/ ). Signet is a tool for managing fine-grained authorization and role information. The Signet Working Group is led by Lynn McRae at Stanford University and seeks to explore a privilege management system from Internet2 MACE Signet. Their approach seems well suited to a P2P world, and there is software available in a month or two.

This invitation will bring Croquet and Signet development teams into a collaboration centered around privilege management in a VO (that's "Virtual Organization" in the sense of the term popularized by the Grid community) featuring a peer-to-peer interactive environment. Signet appears well suited to managing fine grained permissions on objects in a distributed environment. Involvement between Signet and Croquet Project efforts would highlight new areas of work for Signet because of its decentralized, peer-to-peer model and its unique provisioning challenge--how privilege information infrastructure can be extended to help manage users' access to objects and their services in Croquet space.

The first thing would be to explore mapping Signet privilege delegation trees and lattices to a Croquet-based peer-to-peer community. Imagine a collaborative educational effort that brought the subspaces of several participating developers at multiple institutions into a single Croquet world. I guess you can call this a virtual organization (VO). Signet would have to treat each developer in the VO as a root authority for permissions on objects they create, leading to an array of relatively small and short privilege trees when compared to a privilege management systems that covered financial, organizational and academic hierarchies across a single large research university. In addition, there is a limit to scale when permissions have to be granted to individuals one by one. As the VO grows, the authors of services and resources will eventually find it necessary to develop a shared VO-wide vocabulary of roles and rules in order to keep privilege granting manageable. The Signet team recognizes this as an area for future work. The Croquet project will now provide one driver for that effort.

1 comment:

Julian Lombardi said...

November 1, 2004 is the target date for a working demo of Signet including basic pages to navigate and assignment functionality without limits. The release date target for functioning code is mid December. There will likely be a NSF Middleware Initiative (NMI) release in December that will include Signet and Grouper. Early adopters of Signet are encouraged to provide design ideas, subsystem privileges and function names for the demo. So far, Queens University, UC Davis, USC and the University of Wisconsin (with the University of Minnesota and the Croquet project) have been accepted as early adopters of Signet per the recent CFP.