Changes between Version 24 and Version 25 of TIEDABACDemo
- Timestamp:
- 07/13/09 14:25:37 (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TIEDABACDemo
v24 v25 91 91 The wording for the credential is a little comples, but it says "Any principal that has a ''P''.'''CTFcontestant''' attribute where ''P'' that has the '''ACM.gamerep''' attribute has the '''GENI.CTFaccess''' attribute, signed GENI". More simply, the ACM principal can designate representatives by giving them the '''ACM.CTFrep''' attribute; when those representatives give another principal their '''.CTFcontestant''' attribute, the principal with that attribute is given the '''GENI.CFTaccess''' attribute. ACM representatives can grant access to the slice. 92 92 93 An advantage of this is that it creates a new administrative group - ACM's game representatives - that can be useful in other contexts. For example, this same group can designate contestants for93 An advantage of this is that it creates a new administrative group - ACM's game representatives - that can be useful in other contexts. For example, this same group of representatives can designate contestants for other competitions or other attributes relevant to the capture the flag contest without further changes by the ACM. Delegating through individual ACM attributes would require continuing work by the ACM. 94 94 95 The ACM principal designates representatives by creating the '''ACM. CTFrep''' attribute and connecting principals to it. Below is an example designating the UCLA, USC, and MIT principals as representatives.95 The ACM principal designates representatives by creating the '''ACM.gamerep''' attribute and connecting principals to it. Below is an example designating the UCLA, USC, and MIT principals as representatives. 96 96 97 97 [[Image(example5.png)]] … … 99 99 == Independent Contestent Administration == 100 100 101 This section shows how ABAC supports independent selection of contestants by the principals above. Each demonstrates different 101 This section shows how ABAC supports independent selection of contestants by the principals above. Each demonstrates different policies taken by the representatives. 102 103 === Direct Nomination === 104 105 The USC principal designates individual contestants directly. In the explorer we create a scope for the USC principal and create the following attributes, principals, and connections: 106 107 [[Image(example6.png)]] 108 109 Looking at the '''GENI.CTFaccess''' query, we see this subgraph representing the new policies: 110 111 [[Image(example14.png)]] 112 113 102 114 103 115