113 | | Of particular interest is the dashed blue line connection the '''(ACM.gamerep).CTFcontestant''' attribute and the '''USC.CTFcontestant''' attribute boxes. Unlike the other arrows in the graph, this connection is deduced from credentials rather than being specifically represented by one. The text overlaying the snapshow shows the connection. |
114 | | |
115 | | [[Image(example15.png)]] |
| 113 | Of particular interest is the dashed blue line connection the '''(ACM.gamerep).CTFcontestant''' attribute and the '''USC.CTFcontestant''' attribute boxes. Unlike the other arrows in the graph, this connection is deduced from credentials rather than being specifically represented by one. The text overlaying the snapshow shows the connection between the rules and credentials as well as the implied edge. |
| 114 | |
| 115 | Again, a principal has all the attributes it can reach via edges (implied or explicit) in the graph. |
| 116 | |
| 117 | This direct nomination is the simplest way to had out credenitals. |
| 118 | |
| 119 | === More Complex Delegations === |
| 120 | |
| 121 | All the delegation mechanisms discussed so far work within the delegated principals. So one can directly delegate directly by |
| 122 | |
| 123 | [[Image(example7.png)]] |
| 124 | |
| 125 | Which allows all students to participate |
| 126 | |
| 127 | Or indirectly by |
| 128 | |
| 129 | [[Image(example8.png)]] |
| 130 | |
| 131 | [[Image(example9.png)]] |
| 132 | |
| 133 | Which allows Mike, an ACM officer to select participants. |
| 134 | |
| 135 | == Overall == |
| 136 | |
| 137 | A query for principals with ath GENI.CTFaccess query, given the setup above looks like: |
| 138 | |
| 139 | [[Image(example10.png)]] |