| 24 | |
| 25 | [[Image(Basic.png)]] |
| 26 | |
| 27 | Principals are represented as circles. Our principals are labeled with simple, human-readable names, but in reality the assertions being made are being made about their globally unique identifiers. Those IDs are essentially a public key that identifies the principal (though some systems like Kerberos may have a more intricate implementation). Tools, including ours, represent principals using a readable name, but that's to help users of those tools. |
| 28 | |
| 29 | Attributes are a rectangle containing the principal that asserts the attribute and the attribute name in dotted notation. The '''USC.staff''' attribute means that the USC principal is asserting a GENI attribute. Again, USC is shorthand for that principal's unique identifier, but the attribute names are simple strings. |
| 30 | |
| 31 | The arrow connecting an attribute to a principal indicates that the principal has the attribute. We point the arror toward the attribute, indicating that the principal is in the group. The presence of such an arror indicates that the principal controlling the attribute has issued a signed assertion that the other principal has the given attribute. In the example USC has issued an assertion that Ted is in USC.GENI. |