Changes between Version 29 and Version 30 of TIEDABACDemo

Timestamp: 07/13/09 18:44:44 (15 years ago)
Author: faber@isi.edu
  • TIEDABACDemo

    v29 v30  
    161161[[Image(example15.png)]]
    162162
    163 Each side can check all the credentials to make sure the reasoning is sound.  The credentials only fit together one way so they agree on the proof.  At that point the authorization is complete.
     163While it sounds complex to say that the credentials reprsent the graph, the process of assembling the graph is trivial.  Each credential fits to the others in only one way.
    164164
    165 If the environment is open, the GENI principal can simply publish the relevant credential for CTF slice admin (and general) access.  Because each requester now knows the beginning of the graph, they are likely to be able to include the whole proof in their first request, removing a round trip time.
     165When faber receives the candidate graph, it can check the signatures of all the credentials and satisfy itself that the graph is well formed.  (It may need to find GENI's or ACM's public key, or the slice may have included them.)  Faber's only credential fits on the graph and establishes a path from faber to the '''GENI.CTFaccess''' credential.  Faber adds the credential to the message and returns it to the slice.  Once the slice confirms the signature, the two parties agree that faber can have access.
     166
     167The collaborative process is completely characterized by adding nodes to a graph in a simple manner.  Though the policies experessed by the system are complex, the process of validating any given prinicpal posses an attribute is very simple.
     168
     169Furthermore, both the rules and attributes are stored throughout the network.  The slide will be ignorant of the fairly complex rules that the UCLA principal has instituted until a principal from that university authorizes itself.  Note that credentials are simply signed statements (perhaps with a validity time).  So the slice can keep local rules from various domains and send larger initial graphs if it chooses to.
     170
     171If the environment is open, the GENI principal can simply publish the relevant credentials encoding its rules for CTF slice access.  Because each requester now knows the beginning of the graph, they are likely to be able to include the whole proof in their first request, removing a round trip time.
    166172
    167173In addition, the completed graph completely reflects the decisions made to grant or deny access.  These can be logged as expressive audit trials covering both the decisions and the reasons for those decisions.
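Review bot: new line 165 says the slice may include GENI's or ACM's public keys in the candidate graph, but the text should state that faber must still match any in-band key against a trusted source (a published key or a binding it already holds) before accepting signatures made under it; otherwise checking "the signatures of all the credentials" shows only that the graph is self-consistent, not that the rules came from GENI or ACM. Since line 169 notes that a credential may carry a validity time, the well-formedness check on line 165 should also say that faber verifies each credential is currently valid, not just correctly signed. Spelling in the added lines: "reprsent" (163), "experessed" and "prinicpal posses" (167), and "The slide" on 169 should read "The slice"; the unchanged line 173 also has "audit trials" for "audit trails".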