Changes between Version 2 and Version 3 of TIEDABACModel


Ignore:
Timestamp:
07/28/09 14:02:12 (15 years ago)
Author:
mikeryan@isi.edu
Comment:

grammar and typo

Legend:

Unmodified
Added
Removed
Modified

  • TIEDABACModel

    v2 v3  
    1717An attribute is a property of a principal created by the assertion of another princppal.  The University of Southern California (a principal) may assert that Ted Faber (a principal) is a staff member (attribute).  The attributes are scoped by prinicpal, that is if USC asserts Ted Faber is staff, that is one attribute, if ISI also asserts that Ted Faber is staff that is a second attribute.  Assertions are represented as a digitally signed statement, called a credential.
    1818
    19 A given prinicpal may also assert rules about how attributes relate.  The GPO may assert that all USC GENI staff are also GPO prototypers.  That delegates authority to USC add to GPO prototypers.  In this case the delegated attribute (GPO prototypers) is given to prinicpals who also possess the delegating attribute (ISI GENI).
     19A given prinicpal may also assert rules about how attributes relate.  The GPO may assert that all USC GENI staff are also GPO prototypers.  That delegates authority to USC to add to GPO prototypers.  In this case the delegated attribute (GPO prototypers) is given to prinicpals who also possess the delegating attribute (USC GENI).
    2020
    2121Finally, a principal may delegate at one remove.  The GPO may assert that any NSF PI (any principal that the NSF has asserted a PI attribute about) can designate a principal as a GENI user and that user will be a GPO GENI user.  The NSF can affect GPO GENI users by creating or deleting PIs; that is, by adding or removing assertions that a particular principal is a PI.  Individual PIs can also directly designate local GENI users that are also GPO GENI users as above.