| 64 | |
| 65 | Once the delegation has been made (and this does assume an out of band communication between the delegator and delegee, but there's an implication of trust there that makes this communcation reasonable) the ACM principal can begin authorizing officials who will have the right to administer the contest slice. |
| 66 | |
| 67 | We show this by opening a new attribute domain associated with the ACM principal, creating the '''ACM.CTFofficial''' attribute and connecting some principals to it as before. |
| 68 | |
| 69 | [[Image(example2.png)]] |
| 70 | |
| 71 | Now we have two prinicpals granting credentials that grant attributes to principals across domains. Following the inter-principal connections can be confusing, so the explorer allows users to search the space from a global view. This shows what authorizations are possible, given the attributes that the explorer knows about. To activate this feature, the user types an attribute to track in the query window, and the explorer tracks relevant changes. A sample window showing the results of a query for '''GENI.CTFadmin''' appears below. |
| 72 | |
| 73 | [[Image(example3.png)]] |