Changes between Version 23 and Version 24 of TIEDABACDemo

07/13/09 14:01:18 (14 years ago)




    v23 v24  
     75The query window shows all nodes reachable from the query attibute in a graph with all the arrows' directions reversed, and keeps the display up to date so the user can see the results of changes to the graph.
     77== Delegating for Contestants ==
     79In granting contestants access we have several goals:
     81 * The ACM principal wants some control in authorizing contestants
     82 * The ACM principal does not want the overhead of vetting each contestant
     83 * Universities and other institutions want a role in deciding who to allow into the game
     85In order to meet these roles, a natural system is for the ACM to designate certain representatives who can designate contestants on the ACM's behalf.  These representatives can choose contestants however they like.  By granting this power the ACM gives these entities the control they want, and minimizes its direct involvement.
     87In ABAC, this is represented as a linked attribute.  In the explorer, one can create such a linked attribute in a way similar to creating a standard attribute.  Here the GENI principal creates such a rule that allows ACM representatives to designate contestants, all of whom will be granted the CTFaccess attribute.
     91The wording for the credential is a little comples, but it says "Any principal that has a ''P''.'''CTFcontestant''' attribute where ''P'' that has the '''ACM.gamerep''' attribute has the '''GENI.CTFaccess''' attribute, signed GENI".  More simply, the ACM principal can designate representatives by giving them the '''ACM.CTFrep''' attribute; when those representatives give another principal their '''.CTFcontestant''' attribute, the principal with that attribute is given the '''GENI.CFTaccess''' attribute.  ACM representatives can grant access to the slice.
     93An advantage of this is that it creates a new administrative group - ACM's game representatives - that can be useful in other contexts. For example, this same group can designate contestants for
     95The ACM principal designates representatives by creating the '''ACM.CTFrep''' attribute and connecting principals to it.  Below is an example designating the UCLA, USC, and MIT principals as representatives.
     99== Independent Contestent Administration ==
     101This section shows how ABAC supports independent selection of contestants by the principals above.  Each demonstrates different