Changes between Version 22 and Version 23 of TIEDABACDemo


Ignore:
Timestamp:
07/13/09 12:36:00 (10 years ago)
Author:
faber@isi.edu
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TIEDABACDemo

    v22 v23  
    6262
    6363Like all drawn arrows, this represents a credential; that credential says "any principal having the ACM.CTFofficial attribute has the GENI.CTFadmin attribute, signed the GENI principal."  Because the GENI principal cannot control how the '''ACM.CTFofficial''' is administered by the ACM principal (or even that such an attribute exists) this is a delegation of power.
     64
     65Once the delegation has been made (and this does assume an out of band communication between the delegator and delegee, but there's an implication of trust there that makes this communcation reasonable) the ACM principal can begin authorizing officials who will have the right to administer the contest slice.
     66
     67We show this by opening a new attribute domain associated with the ACM principal, creating the '''ACM.CTFofficial''' attribute and connecting some principals to it as before.
     68
     69[[Image(example2.png)]]
     70
     71Now we have two prinicpals granting credentials that grant attributes to principals across domains.  Following the inter-principal connections can be confusing, so the explorer allows users to search the space from a global view.  This shows what authorizations are possible, given the attributes that the explorer knows about.  To activate this feature, the user types an attribute to track in the query window, and the explorer tracks relevant changes.  A sample window showing the results of a query for '''GENI.CTFadmin''' appears below.
     72
     73[[Image(example3.png)]]
    6474
    6575