Changes between Version 34 and Version 35 of TIEDABACDemo


Timestamp:
07/14/09 17:54:41 (10 years ago)
Author:
faber@isi.edu
Comment:

--

  • TIEDABACDemo

    v34 v35  
    6969In the explorer the GENI user creates an attribute named ACM.CTFofficial and draws an arrow from it to GENI.CFTaccess.  Note that the GENI user cannot draw lines into the ACM.CTFofficial attribute, because that attribute is controlled by ACM, but it can delegate control of its own '''GENI.CFTadmin''' attribute.
    7070
    71 [[Image(example1.png)]]
     71[[Image(explorer4.png)]]
    7272
    7373Like all drawn arrows, this represents a credential; that credential says "any principal having the ACM.CTFofficial attribute has the GENI.CTFadmin attribute, signed the GENI principal."  Because the GENI principal cannot control how the '''ACM.CTFofficial''' is administered by the ACM principal (or even that such an attribute exists) this is a delegation of power.
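Review bot: The attribute names in the unchanged text on lines 69 and 73 do not agree. Line 69 says the arrow goes to GENI.CFTaccess and that the GENI user delegates '''GENI.CFTadmin''', while line 73 describes the same credential as granting GENI.CTFadmin. Since this revision swaps example1.png for explorer4.png on line 71, please check the prose against the new screenshot and settle on one attribute name and one spelling (CTF or CFT) in both paragraphs. Line 73 also reads "signed the GENI principal", which is missing "by", and ACM.CTFofficial is bolded in some places and plain in others.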
     
    7777We show this by opening a new attribute domain associated with the ACM principal, creating the '''ACM.CTFofficial''' attribute and connecting some principals to it as before.
    7878
    79 [[Image(example2.png)]]
     79[[Image(explorer5.png)]]
    8080
    8181Now we have two prinicpals granting credentials that grant attributes to principals across domains.  Following the inter-principal connections can be confusing, so the explorer allows users to search the space from a global view.  This shows what authorizations are possible, given the attributes that the explorer knows about.  To activate this feature, the user types an attribute to track in the query window, and the explorer tracks relevant changes.  A sample window showing the results of a query for '''GENI.CTFadmin''' appears below.
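Review bot: Line 81, the unchanged paragraph after the swapped image on line 79, misspells "principals" as "prinicpals"; worth fixing while this section is being edited. The same line says a sample query window "appears below", but the hunk ends before that image, so these lines do not show whether it was moved to the explorerN.png naming along with example2.png; please confirm that it was.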