Changes between Version 2 and Version 3 of TIEDABACModel
- Timestamp:
- 07/28/09 14:02:12 (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TIEDABACModel
v2 v3 17 17 An attribute is a property of a principal created by the assertion of another princppal. The University of Southern California (a principal) may assert that Ted Faber (a principal) is a staff member (attribute). The attributes are scoped by prinicpal, that is if USC asserts Ted Faber is staff, that is one attribute, if ISI also asserts that Ted Faber is staff that is a second attribute. Assertions are represented as a digitally signed statement, called a credential. 18 18 19 A given prinicpal may also assert rules about how attributes relate. The GPO may assert that all USC GENI staff are also GPO prototypers. That delegates authority to USC add to GPO prototypers. In this case the delegated attribute (GPO prototypers) is given to prinicpals who also possess the delegating attribute (ISIGENI).19 A given prinicpal may also assert rules about how attributes relate. The GPO may assert that all USC GENI staff are also GPO prototypers. That delegates authority to USC to add to GPO prototypers. In this case the delegated attribute (GPO prototypers) is given to prinicpals who also possess the delegating attribute (USC GENI). 20 20 21 21 Finally, a principal may delegate at one remove. The GPO may assert that any NSF PI (any principal that the NSF has asserted a PI attribute about) can designate a principal as a GENI user and that user will be a GPO GENI user. The NSF can affect GPO GENI users by creating or deleting PIs; that is, by adding or removing assertions that a particular principal is a PI. Individual PIs can also directly designate local GENI users that are also GPO GENI users as above.