
=== Negotiating Access ===

While the global graph is somewhat daunting in its complexity, it is important to realize that any single access decision requires the construction of only one path from principal to attribute. The two endpoints construct a graph together from their credentials, each of which represents an edge in the visualization above. For example, the case where faber is authenticating to the slice requires proving that faber has the GENI.CTFadmin credential. The slice has the following relevant credential:

[[Image(example1.png)]]

And faber holds:

[[Image(example11.png)]]

The simplest exchange is that faber requests access, the slice sends its relevant credential as a starting graph, and faber responds with the completed graph:

[[Image(example12.png)]]

Each side can check all the credentials to make sure the reasoning is sound. The credentials only fit together one way, so both sides agree on the proof. At that point the authorization is complete.

If the environment is open, the GENI principal can simply publish the relevant credential for CTF slice admin (and general) access. Because each requester then already knows the beginning of the graph, it can usually include the whole proof in its first request, saving a round trip.
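The following Python is an added illustration of the exchange described in this section; it is not code from this page or from the ABAC implementation it describes. Credentials are modelled as directed edges of the form `Issuer.role <- member`, where the member is either a principal or another `Issuer.role` attribute, and the signature on each credential is stood in for by a `signer` field. The goal attribute `GENI.CTFadmin` and the principal `faber` come from the text; the intermediate attribute `UnivX.faculty`, the unrelated `GENI.CTFparticipant` edge and the forged edge are constructed for the example. The proof search is general (any chain length), so it covers more than the two-edge case shown in the figures.

```python
"""Toy ABAC-style credential graph, proof search and two-message negotiation.

Assumptions (not from the page): credentials have the form
``Issuer.role <- member``; the ``signer`` field simulates the signature that a
real system would check cryptographically.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Credential:
    head: str    # attribute being granted, e.g. "GENI.CTFadmin"
    tail: str    # principal or attribute it is granted to
    signer: str  # who signed it (stands in for a signature)

    def well_formed(self) -> bool:
        # An issuer may only speak for its own roles: the signer must be the
        # issuer named in the head.  A credential claiming "GENI.CTFadmin <- x"
        # but signed by anyone other than GENI is rejected here.
        return self.signer == self.head.split(".", 1)[0]


def find_proof(creds: List[Credential], principal: str,
               goal: str) -> Optional[List[Credential]]:
    """Backward breadth-first search from the goal attribute to the principal.

    Returns the credential chain ordered from principal up to goal, or None.
    Malformed credentials are dropped first, so a forged edge never enters
    the proof.
    """
    by_head: Dict[str, List[Credential]] = {}
    for c in creds:
        if c.well_formed():
            by_head.setdefault(c.head, []).append(c)
    queue = deque([(goal, [])])
    seen = {goal}
    while queue:
        attr, chain = queue.popleft()
        for c in by_head.get(attr, []):
            extended = chain + [c]
            if c.tail == principal:
                return list(reversed(extended))
            if c.tail not in seen:
                seen.add(c.tail)
                queue.append((c.tail, extended))
    return None


def verify_proof(proof: Optional[List[Credential]], principal: str, goal: str) -> bool:
    """Independent re-check that either side runs on a received proof."""
    if not proof or proof[0].tail != principal or proof[-1].head != goal:
        return False
    if not all(c.well_formed() for c in proof):
        return False
    # each edge's head must be exactly the next edge's tail
    return all(proof[i].head == proof[i + 1].tail for i in range(len(proof) - 1))


def negotiate(slice_creds: List[Credential], requester_creds: List[Credential],
              principal: str, goal: str) -> Optional[List[Credential]]:
    """The simplest exchange from the text: the slice sends its relevant
    credentials as the starting graph, the requester adds its own and returns
    the completed graph, and the slice re-verifies it independently."""
    starting_graph = list(slice_creds)                       # message 1: slice -> requester
    proof = find_proof(starting_graph + list(requester_creds), principal, goal)
    if proof is None:
        return None                                          # requester cannot complete the graph
    return proof if verify_proof(proof, principal, goal) else None   # message 2 checked by slice


# Constructed sample credentials (hypothetical policy, not the page's own):
SLICE_CREDS = [
    # GENI says: anyone holding UnivX's "faculty" attribute is a CTF admin
    Credential("GENI.CTFadmin", "UnivX.faculty", signer="GENI"),
    # unrelated edge in the slice's store; it must never appear in the proof
    Credential("GENI.CTFparticipant", "UnivX.student", signer="GENI"),
]
FABER_CREDS = [
    Credential("UnivX.faculty", "faber", signer="UnivX"),
    # forged edge: claims a GENI role but is signed by faber, so it is dropped
    Credential("GENI.CTFadmin", "faber", signer="faber"),
]


def proof_as_text(proof: List[Credential]) -> List[str]:
    return [f"{c.head} <- {c.tail}" for c in proof]


if __name__ == "__main__":
    for line in proof_as_text(negotiate(SLICE_CREDS, FABER_CREDS, "faber", "GENI.CTFadmin")):
        print(line)
```

Because `find_proof` discards any credential whose signer does not own the role in its head, the forged `GENI.CTFadmin <- faber` edge cannot short-circuit the proof; the only chain that fits is `UnivX.faculty <- faber` followed by `GENI.CTFadmin <- UnivX.faculty`, which is the "only one way" property the text relies on for both sides to agree.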