Cate that binds the public key to the slice and signs

Info icon This preview shows pages 29–31. Sign up to view the full content.

View Full Document Right Arrow Icon
cate that binds the public key to the slice, and signs that certificate using its own public key. It also includes in the certificate a similar certificate that binds the NM public key to node manager itself, this certificate being signed by the node’s MA at boot time, as part of the boot protocol. When a service wishes to invoke an operation on either the MA or SA, it must first authenticate itself to the authority and get a session key that it passes to subse- quent calls. This authentication is performed by calling a session key = AuthenticateCertificate(cert) operation, with the service’s certificate as a parameter. The authority verifies the certificate (i.e., checks that the sequence of signatures in the certificate can be traced back to a well-known CA), creates a session key appropriate for the level of access the caller is to be granted to that particular authority, and uses the public key in the certificate to encrypt the session key. Only the corresponding private key, held by the caller, can be used to decrypt the session key. Certificates created in this way can also be used in any scenario that requires authentication of the caller’s identity, not just interaction between a service and an authority. For example, one service might use such a certificate to identify itself to a resource broker so that the broker can determine which service to charge for resource usage. Note that although this description assumes that certificates are used to verify the identity of a particular service, it could readily be applied to certificates that instead specify particular capabilities be granted to the certificate bearer. 6 Interfaces This section enumerates PlanetLab’s externally visible interfaces and data formats (interface specifications) and its internal (private) interfaces, giving pointers to the corresponding specification or reference implementation, respectively. 28
Image of page 29

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Node Manager: Provides an interface used by infrastructure services to create and manipulate virtual machines and resource pools. This interface can only be invoked locally. Most operations take an RSpec as an argument (external interface specified in [6]). Slice Creation Service: Provides a remotely accessible interface invoked by slice authorities and users to create slices (external interface specified in [6]). Slice Authority: Provides an interface that is used by research organizations to register their users, by users to their create slices, and by management au- thorities (and other third parties) to learn the set of users associated with a given slice name (external interface specified in [4]). Management Authority: Provides two interfaces: a public interface used by research organizations to register their nodes with a management authority and both users and slice authorities to learn the set of nodes managed by the authority (external interface spec- ified in [4]); and a private interface used by nodes to download and install PlanetLab software and node configuration files (reference implemenation de- scribed in [3]).
Image of page 30
Image of page 31
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern