DocumentCode
160073
Title
Credential translations in Future Internet testbeds federation
Author
Silva, E.F. ; Fernandes, N.C. ; Rodriguez, N. ; Muchaluat-Saade, Debora C.
Author_Institution
MidiaCom Lab., Univ. Fed. Fluminense, Niteroi, Brazil
fYear
2014
fDate
5-9 May 2014
Firstpage
1
Lastpage
6
Abstract
With current advances in the deployment of testbeds for Future Internet (FI), a new challenge arises: identity management in a globally distributed environment. In this context, it is necessary to understand local and federated models of identity management to integrate testbeds. This paper presents the design and implementation of a module for credential translation that enables a user of an academic authentication and authorization (A&A) federation, such as CAFe (the Brazilian Federated Academic Community), to access the FI testbed federation. The proposed model supports the integration of testbed federations and academic federations. The proposal generates X.509 certificates and other standard credentials used in the testbed federation, following the SFA standard, based on user attributes obtained from the A&A federation (CAFe). The developed module also allows attribute-based access control, denying or allowing a user access according to his/her attributes obtained from CAFe. Other contributions are based on facilities for the user to delegate his/her SFA credential to an experimenter control interface. The study was conducted using a real experimentation laboratory (GIDLab), in which mirrors of the CAFe federation and of the MySlice platform were set up to allow the comparison of security features of our scheme to other proposals.
Keywords
Internet; authorisation; A&A federation; Brazilian federated academic community; FI; Internet testbeds federation; MySlice platform; academic authentication and authorization; academic federations; attribute based access control; credential translations; distributed environment; experimenter control interface; future Internet; identity management; security features; Authentication; Authorization; Context; Databases; Portals; Proposals;
fLanguage
English
Publisher
ieee
Conference_Titel
Network Operations and Management Symposium (NOMS), 2014 IEEE
Conference_Location
Krakow
Type
conf
DOI
10.1109/NOMS.2014.6838392
Filename
6838392