auth.html 4.28 KB
Newer Older
Leigh B. Stoller's avatar
Leigh B. Stoller committed
1 2 3 4 5
<!--
   EMULAB-COPYRIGHT
   Copyright (c) 2000-2002 University of Utah and the Flux Group. -->
   All rights reserved.
  -->
6 7 8 9 10
<center>
<h1>
    Overview of the Authorization Scheme, Policy, <br> and "How To Get Started"
</h1>
</center>
Jay Lepreau's avatar
Jay Lepreau committed
11

12 13 14 15
We use a hierarchical structure: we authorize a project under a
principal investigator (e.g. a faculty member) and delegate authority
to that person to authorize the project's members-- and accountability
for their behavior.
Jay Lepreau's avatar
Jay Lepreau committed
16 17

<h3>How do I get started?</h3>
18
<p>
Jay Lepreau's avatar
Jay Lepreau committed
19 20 21 22 23 24 25 26 27 28
Briefly, you use the links at your left to create and join
<em>projects</em>.  Typically, someone who will be the <em>project
leader</em> requests permission from Testbed Ops/Admin, via the web
interface, to <em>create</em> a project.  In academic parlance, a
project leader is a "principal investigator."  That person is expected
to be someone who is responsible, whose position is more or less
verifiable by us, and is therefore accountable.  Specifically, the
project leader is held responsible for the actions of members of
his/her project.

29
<p>
Jay Lepreau's avatar
Jay Lepreau committed
30 31 32 33 34 35 36 37 38 39 40
For example, if you are a grad student who "owns" a project and no
faculty member is really involved, normally you should still get your
advisor or other professor to be the project leader.  Exceptions could
include your being a senior student well-known in the research
community.  If you are not a student, but a senior/core member of an
open source project, either you or someone more official in
the project should be leader, as appropriate.
If you are in a research lab and are not brand new there, you would
probably be the project leader.

<p>
41 42
Typically, after an hour to a day later, or up to week (rarely),
you will receive email from the testbed admin folks,
43 44 45
either approving or denying your project.  You will then be able to
really use the testbed: you will be able to perform various functions
through the Web interface and through a Unix login account.
Jay Lepreau's avatar
Jay Lepreau committed
46

47
<p>
Jay Lepreau's avatar
Jay Lepreau committed
48 49 50 51
People working on the project
(students, staff, etc.) will request permission from the project
leader, also via the web interface, to <em>join</em> the project.
These requests can precede project approval; they will be queued.
Jay Lepreau's avatar
Jay Lepreau committed
52 53 54
Once project members have been authorized by the leader, they can use
the Web interface and their Unix login to start and run experiments,
reserve and configure nodes, etc.
Jay Lepreau's avatar
Jay Lepreau committed
55 56

<p>
57
More detailed information on this
58 59
process can be found in the
<a href="docwrapper.php3?docname=faq.html">Emulab FAQ</a>.
Jay Lepreau's avatar
Jay Lepreau committed
60 61 62 63

<h3>Another way of saying the same thing</h3>

<p>
64 65
If you didn't understand that, then how about this. Use this set of
Web pages:
Jay Lepreau's avatar
Jay Lepreau committed
66 67 68 69

<ul>
<li> to gain authorization to use the testbed, either as
	<ul>
70 71
	<li> a project leader ("principal investigator") who is
	 starting a new project ("start project"), or
Jay Lepreau's avatar
Jay Lepreau committed
72 73 74 75 76 77
	<li> as a worker bee in a particular project ("join project");
	</ul>
<li> as a project leader, to approve or deny pending project members;
<li> to authenticate ("login") to the Web-based testbed services.
</ul>

78
<p>
Jay Lepreau's avatar
Jay Lepreau committed
79 80 81 82 83 84
When your project or membership request is approved or denied you will
receive email.

<h3>Seems awfully complicated</h3>

<p>
Jay Lepreau's avatar
Nits.  
Jay Lepreau committed
85
Experience shows that it's far easier in practice than it sounds.
Jay Lepreau's avatar
Jay Lepreau committed
86

87
<p>
Jay Lepreau's avatar
Jay Lepreau committed
88 89 90 91 92
We need accountability.  However, we want to avoid slowing things
down by checking every user-- thus we delegate that authority
to the PI's.  Since the PI (project leader) has so much authority,
we need more info from them, such as their postal address.

93
<p>
Jay Lepreau's avatar
typo  
Jay Lepreau committed
94
If you think this sounds bad, try getting access to a telescope
Jay Lepreau's avatar
Jay Lepreau committed
95 96
or supercomputer.

97
<p>
Jay Lepreau's avatar
Nits.  
Jay Lepreau committed
98
We are certainly open to suggestions, however.
Jay Lepreau's avatar
Jay Lepreau committed
99

100 101
<p>
<li><h4>I've been approved.  How do I use my account?</h4>
Jay Lepreau's avatar
Jay Lepreau committed
102 103 104 105 106 107 108 109 110 111
<p>
The first step would be to come back here and log in to the Web
interface.  That will update the list of options in the side bar.
	You might be authorized to start projects or experiments, or
	maybe just to use the nodes in an experiment. Either way, your
	options will show up in the side bar.
Those will normally include starting a new "experiment" which leads to
reserving a set of nodes, which leads to automatic creation of Unix
accounts on those nodes for all members in your project. You will be
able to use ssh to log into those machines.
112

Jay Lepreau's avatar
Jay Lepreau committed
113
<p>
Jay Lepreau's avatar
Jay Lepreau committed
114 115
You will also receive an account on the users' master host
"users.emulab.net", and from there will be able to access the test
Jay Lepreau's avatar
Jay Lepreau committed
116 117
nodes' serial line consoles via 'tip' as well as access console log
files.