Changes between Version 10 and Version 11 of TIEDABACDemo


Ignore:
Timestamp:
07/10/09 18:27:36 (10 years ago)
Author:
faber@isi.edu
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TIEDABACDemo

    v10 v11  
    108108There are two classes of princpals that will be requesting access to GENI resources for this contest.  There will be a comparatively small number of officials that will need allocation and configuration rights to the slice in order to set up and administer the game.  There will also be the thousands or more contestants who will need access to the slice, but not configuration rights.  Because of the large number of contestants, the ACM does not want to be directly in charge of vetting each one.  Individual universities (and perhaps other sites) will be able to decide on the criteria to admit players from their institutions independently.  Should anything go amiss - or any kind of cheating be detected - officials will want to know where the contestent came from and how they were admitted.
    109109
     110==== ABAC Encoding (simple delegation) ===
     111
    110112For the purposes of the example, we assume that there is a GENI principal that has allocated an empty slice for the contest.  That slice will be expanded and configured by principals with the GENI.adminCTF attribute and accessible by players with the GENI.accessCTF attribute.  We now lay out the attribute policies for allocating these two attributes.
    111113
     
    117119
    118120[[Image(example2.png)]]
     121
     122The ACM principal can add or delete officials independently, and those officials have admin rights to the slice automatically.
     123
     124Of course, both the ACM and GENI will be assigning other attributes unrelated to this project, so their attribute space may be large enough that we provide a tool to maintain these spaces and their ramifications.  Most of the images in this section are screenshots from that application.  The image below is the result of a query for all users with the GENI.CTFadmin attributes from a set of attributes that includes those above.
     125