In OpenEdge we address these challenges via two complementary and interacting components. First, FlowOps implements the network abstraction offered to service and application providers and realizes the underpinnings of that abstraction on the physical network. FlowOps provides a simple API that allows service/application providers to treat the entire network as a “big switch”. This leaves the service providers free to focus on the semantics and logic of the service/application they want to provide. The minimal semantics of the FlowOps API means that the network operator is free to implement underlying connectivity using any technology they desire. The only requirement is that strong isolation is provided between network resources associated with different services.

The second OpenEdge architectural component, SecureOps, deals with authenticated access to the network and services/ap- plications available on the network. The SecureOps design is inspired by the security framework used in cellular networks. Specifically, in SecureOps, access to a network service is authenticated via security credentials contained in a virtual subscriber identity module (V-SIM). Unlike a physical SIM, the V-SIM allows separate credentials for different services, allowing a more fine-grained service model. Our V-SIM can be realized solely in software, or made more secure by utilizing Trusted Platform Module (TPM) functionality.