auth.html 4.15 KB
Newer Older
1 2 3 4 5
<center>
<h1>
    Overview of the Authorization Scheme, Policy, <br> and "How To Get Started"
</h1>
</center>
Jay Lepreau's avatar
Jay Lepreau committed
6

7 8 9 10
We use a hierarchical structure: we authorize a project under a
principal investigator (e.g. a faculty member) and delegate authority
to that person to authorize the project's members-- and accountability
for their behavior.
Jay Lepreau's avatar
Jay Lepreau committed
11 12

<h3>How do I get started?</h3>
13
<p>
Jay Lepreau's avatar
Jay Lepreau committed
14 15 16 17 18 19 20 21 22 23
Briefly, you use the links at your left to create and join
<em>projects</em>.  Typically, someone who will be the <em>project
leader</em> requests permission from Testbed Ops/Admin, via the web
interface, to <em>create</em> a project.  In academic parlance, a
project leader is a "principal investigator."  That person is expected
to be someone who is responsible, whose position is more or less
verifiable by us, and is therefore accountable.  Specifically, the
project leader is held responsible for the actions of members of
his/her project.

24
<p>
Jay Lepreau's avatar
Jay Lepreau committed
25 26 27 28 29 30 31 32 33 34 35
For example, if you are a grad student who "owns" a project and no
faculty member is really involved, normally you should still get your
advisor or other professor to be the project leader.  Exceptions could
include your being a senior student well-known in the research
community.  If you are not a student, but a senior/core member of an
open source project, either you or someone more official in
the project should be leader, as appropriate.
If you are in a research lab and are not brand new there, you would
probably be the project leader.

<p>
36 37
Typically, after an hour to a day later, or up to week (rarely),
you will receive email from the testbed admin folks,
38 39 40
either approving or denying your project.  You will then be able to
really use the testbed: you will be able to perform various functions
through the Web interface and through a Unix login account.
41

42
<p>
Jay Lepreau's avatar
Jay Lepreau committed
43 44 45 46
People working on the project
(students, staff, etc.) will request permission from the project
leader, also via the web interface, to <em>join</em> the project.
These requests can precede project approval; they will be queued.
47 48 49
Once project members have been authorized by the leader, they can use
the Web interface and their Unix login to start and run experiments,
reserve and configure nodes, etc.
Jay Lepreau's avatar
Jay Lepreau committed
50 51

<p>
52
More detailed information on this
53 54
process can be found in the
<a href="docwrapper.php3?docname=faq.html">Emulab FAQ</a>.
Jay Lepreau's avatar
Jay Lepreau committed
55 56 57 58

<h3>Another way of saying the same thing</h3>

<p>
59 60
If you didn't understand that, then how about this. Use this set of
Web pages:
Jay Lepreau's avatar
Jay Lepreau committed
61 62 63 64

<ul>
<li> to gain authorization to use the testbed, either as
	<ul>
65 66
	<li> a project leader ("principal investigator") who is
	 starting a new project ("start project"), or
Jay Lepreau's avatar
Jay Lepreau committed
67 68 69 70 71 72
	<li> as a worker bee in a particular project ("join project");
	</ul>
<li> as a project leader, to approve or deny pending project members;
<li> to authenticate ("login") to the Web-based testbed services.
</ul>

73
<p>
Jay Lepreau's avatar
Jay Lepreau committed
74 75 76 77 78 79
When your project or membership request is approved or denied you will
receive email.

<h3>Seems awfully complicated</h3>

<p>
Jay Lepreau's avatar
Jay Lepreau committed
80
Experience shows that it's far easier in practice than it sounds.
Jay Lepreau's avatar
Jay Lepreau committed
81

82
<p>
Jay Lepreau's avatar
Jay Lepreau committed
83 84 85 86 87
We need accountability.  However, we want to avoid slowing things
down by checking every user-- thus we delegate that authority
to the PI's.  Since the PI (project leader) has so much authority,
we need more info from them, such as their postal address.

88
<p>
Jay Lepreau's avatar
Jay Lepreau committed
89
If you think this sounds bad, try getting access to a telescope
Jay Lepreau's avatar
Jay Lepreau committed
90 91
or supercomputer.

92
<p>
Jay Lepreau's avatar
Jay Lepreau committed
93
We are certainly open to suggestions, however.
Jay Lepreau's avatar
Jay Lepreau committed
94

95 96
<p>
<li><h4>I've been approved.  How do I use my account?</h4>
Jay Lepreau's avatar
Jay Lepreau committed
97 98 99 100 101 102 103 104 105 106
<p>
The first step would be to come back here and log in to the Web
interface.  That will update the list of options in the side bar.
	You might be authorized to start projects or experiments, or
	maybe just to use the nodes in an experiment. Either way, your
	options will show up in the side bar.
Those will normally include starting a new "experiment" which leads to
reserving a set of nodes, which leads to automatic creation of Unix
accounts on those nodes for all members in your project. You will be
able to use ssh to log into those machines.
107

Jay Lepreau's avatar
Jay Lepreau committed
108
<p>
109 110
You will also receive an account on the users' master host
"users.emulab.net", and from there will be able to access the test
Jay Lepreau's avatar
Jay Lepreau committed
111 112
nodes' serial line consoles via 'tip' as well as access console log
files.