Changes between Version 16 and Version 17 of AbacScenario

Timestamp:
06/01/12 20:55:44 (7 years ago)
Author:
prateek (IP: 174.109.213.177)
Comment:

--

  • AbacScenario

    v16 v17  
    9393}}} 
    9494 
     95=== Aggregate Manager (Orca Service Manager) === 
     96 
     97The AM generates its trust policy credentials. 
     98 
     99{{{ 
     100OrcaAM.GeniSA <- GOC.GeniSA 
     101OrcaAM.GeniUser <- GOC.GeniIdP.GeniUser 
     102}}} 
     103 
     104{{{ 
     105java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/OrcaAM1_private.pem --issuercert credentials/OrcaAM1_cert.pem --role GeniSA  
     106--subjectcert credentials/GOC_cert.pem --subjectrole GeniSA 
     107 
     108java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/OrcaAM1_private.pem --issuercert credentials/OrcaAM1_cert.pem --role GeniUser  
     109--subjectcert credentials/GOC_cert.pem --subjectrole GeniIdP.GeniUser 
     110}}} 
     111 
     112---- 
     113 
    95114=== User Registration === 
    96115 
    97 Alice and Bob register at the IdP. IdPs are shibboleth authenticated. The related ABAC credentials are generated according to their primary affiliation, and uploaded to a credential store. 
     116Alice and Bob register at the IdP. IdPs are shibboleth authenticated. A user needs to provide a public key certificate to identify itself. The related ABAC credentials are generated according to their primary affiliation, and uploaded to a credential store.[[BR]] 
     117[[BR]] 
     118An new public key certificate (based on the original public key fetched out of the input certificate) signed by the IdP is also issued, which the user can use to talk to the POD credential store. This is because POD does certificate chain based authentication. It requires the requester to talk with a certificate signed by a trusted CA. The IdP is registered by POD as a trusted CA, which is why a certificate issued by the IdP can be used to talk to the POD. 
    98119 
    99120{{{ 
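Review bot: in the added Aggregate Manager block, each `CreddyPod` invocation (v17 lines 105-106 and 108-109) is split over two lines inside the `{{{ }}}` block with no line-continuation character, so a reader copying it verbatim runs `--subjectcert credentials/GOC_cert.pem --subjectrole GeniSA` as a second, separate command; either keep each invocation on one line or end the first line with ` \`. In the rewritten User Registration paragraph (v17 line 118), "An new public key certificate" should read "A new public key certificate", and since the paragraph already says the IdP-issued certificate is built from the public key taken out of the input certificate, one clause stating that the user therefore keeps using their existing private key with POD would make the trust argument (IdP registered as a trusted CA, certificate chain authentication) easier to follow.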
     
    131152Alice can then delegate the privilege to operate on the project to Bob. 
    132153{{{ 
    133 java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/Alice_private.pem --issuercert credentials/Alice_cert.pem --role Operate --roleobject <Project UUID>  
    134 --subjectcert credentials/Bob_cert.pem --scope `java -cp AbacTools.jar util.GetPublicKeySha1Hash credentials/Bob_cert.pem` 
     154java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/Alice_private.pem --issuercert credentials/Alice_cert.pem --role Operate  
     155--roleobject <Project UUID> --subjectcert credentials/Bob_cert.pem --scope `java -cp AbacTools.jar util.GetPublicKeySha1Hash credentials/Bob_cert.pem` 
    135156}}} 
    136157
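Review bot: this hunk only re-wraps the delegation command (moving `--roleobject <Project UUID>` onto the continuation line) and keeps the two-line layout without a trailing `\`, so the same copy-paste hazard applies here: the second line would be executed on its own. Because the `--scope` value is the SHA-1 hash of the public key in the same `credentials/Bob_cert.pem` that is passed to `--subjectcert`, a short sentence before the block saying that the scope binds the delegated `Operate` role to Bob's key would explain why the backtick substitution is there.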