Changes between Version 34 and Version 35 of TIEDABACDemo
- Timestamp:
- 07/14/09 17:54:41 (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TIEDABACDemo
v34 v35 69 69 In the explorer the GENI user creates an attribute named ACM.CTFofficial and draws an arrow from it to GENI.CFTaccess. Note that the GENI user cannot draw lines into the ACM.CTFofficial attribute, because that attribute is controlled by ACM, but it can delegate control of its own '''GENI.CFTadmin''' attribute. 70 70 71 [[Image(ex ample1.png)]]71 [[Image(explorer4.png)]] 72 72 73 73 Like all drawn arrows, this represents a credential; that credential says "any principal having the ACM.CTFofficial attribute has the GENI.CTFadmin attribute, signed the GENI principal." Because the GENI principal cannot control how the '''ACM.CTFofficial''' is administered by the ACM principal (or even that such an attribute exists) this is a delegation of power. … … 77 77 We show this by opening a new attribute domain associated with the ACM principal, creating the '''ACM.CTFofficial''' attribute and connecting some principals to it as before. 78 78 79 [[Image(ex ample2.png)]]79 [[Image(explorer5.png)]] 80 80 81 81 Now we have two prinicpals granting credentials that grant attributes to principals across domains. Following the inter-principal connections can be confusing, so the explorer allows users to search the space from a global view. This shows what authorizations are possible, given the attributes that the explorer knows about. To activate this feature, the user types an attribute to track in the query window, and the explorer tracks relevant changes. A sample window showing the results of a query for '''GENI.CTFadmin''' appears below.