Changes between Version 30 and Version 31 of TIEDABACDemo
- Timestamp:
- 07/13/09 19:07:51 (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TIEDABACDemo
v30 v31 37 37 == Assigning Attributes to Principals Directly (local GENI administrator) == 38 38 39 In order to assign that attribute to a principal using the explorer, one connects the principal representation (an ellipse with that prinicpal's name in it) to the attribute in question. The following shows the '''BBNAdmin'''principal being assigned the '''GENI.CTFadmin''' attribute.39 In order to assign that attribute to a principal using the explorer, one connects the principal representation (an ellipse with that prinicpal's name in it) to the attribute in question. The following shows the BBNAdmin principal being assigned the '''GENI.CTFadmin''' attribute. 40 40 41 41 [[Image(example0.png)]] … … 135 135 == Overall == 136 136 137 A query for principals with athGENI.CTFaccess query, given the setup above looks like:137 A query for principals with the GENI.CTFaccess query, given the setup above looks like: 138 138 139 139 [[Image(example10.png)]] … … 165 165 When faber receives the candidate graph, it can check the signatures of all the credentials and satisfy itself that the graph is well formed. (It may need to find GENI's or ACM's public key, or the slice may have included them.) Faber's only credential fits on the graph and establishes a path from faber to the '''GENI.CTFaccess''' credential. Faber adds the credential to the message and returns it to the slice. Once the slice confirms the signature, the two parties agree that faber can have access. 166 166 167 The completed graph in that message looks like: 168 169 [[Image(example16.png)]] 170 167 171 The collaborative process is completely characterized by adding nodes to a graph in a simple manner. Though the policies experessed by the system are complex, the process of validating any given prinicpal posses an attribute is very simple. 168 172