Changes between Version 2 and Version 3 of AbacScenario

Timestamp: 05/16/12 19:57:15 (7 years ago)
Author: prateek (IP: 174.109.212.129)
Comment: --

  • AbacScenario

    v2 v3  
    3434}}} 
    3535 
     36GOC uploads the coordinator role credentials scoped to the coordinator's public key identifier. The coordinator can associate the same credentials with its own identifier by creating a link to them. 
     37 
    3638=== Project Authority === 
    3739 
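Review bot: The sentence added at v3 line 36 uses two identifiers without distinguishing them: the credentials are "scoped to the coordinator's public key identifier", and the coordinator then associates them with "its own identifier". State whether these are the same value and, if so, what the link adds. Also name which entities count as coordinators at this point and refer to the command that creates the link, since this hunk shows none.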
     
    4951java -cp AbacTools.jar util.CreddyPod --issuerkey credentials/ProjAuth1_private.pem --issuercert credentials/ProjAuth1_cert.pem --role GeniPI  
    5052--subjectcert credentials/GOC_cert.pem --subjectrole IdP.GeniPI 
     53}}} 
     54 
     55PA also creates a link to the credentials representing the GOC endorsement. 
     56{{{ 
     57java -cp AbacTools.jar util.PodAddLink --sourcekey credentials/ProjAuth1_private.pem --sourcecert credentials/ProjAuth1_cert.pem  
     58--targetcert credentials/GOC_cert.pem --targetscope `java -cp CH.jar util.GetPublicKeySha1Hash credentials/ProjAuth1_cert.pem` 
    5159}}} 
    5260 
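Review bot: The PodAddLink example at v3 lines 57-58 is split across two lines with no continuation character, so as written a shell runs line 57 without `--targetcert` and `--targetscope` and then treats line 58 as a separate command. End line 57 with `\` or keep the command on one line (the CreddyPod call at lines 51-52 has the same split). The text should also explain why `--targetscope` is derived from `ProjAuth1_cert.pem`, the source's own certificate, while `--targetcert` is `GOC_cert.pem`, and note that the scope value is a SHA-1 hash of the public key, as the `GetPublicKeySha1Hash` tool name indicates.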
     
    6876}}} 
    6977 
    70 === Users of the system === 
    71   
     78SA also creates a link to the credentials representing the GOC endorsement. 
     79{{{ 
     80java -cp AbacTools.jar util.PodAddLink --sourcekey credentials/SliceAuth1_private.pem --sourcecert credentials/SliceAuth1_cert.pem  
     81--targetcert credentials/GOC_cert.pem --targetscope `java -cp CH.jar util.GetPublicKeySha1Hash credentials/SliceAuth1_cert.pem` 
     82}}} 
     83 
     84=== User Registration === 
     85 
     86Alice and Bob register at the IdP. IdPs are shibboleth authenticated. The related ABAC credentials are generated according to their primary affiliation, and uploaded to a credential store. 
     87 
     88{{{ 
     89IdP.GeniUser <- Alice 
     90IdP.GeniPI <- Alice 
     91 
     92IdP.GeniUser <- Bob 
     93}}} 
     94 
     95An Identity Provider uploads the credentials scoped to the user's public key identifier. The user can associate the same credentials with its own identifier by creating a link to them. 
     96 
     97{{{ 
     98java -cp AbacTools.jar util.PodAddLink --sourcekey credentials/Alice_private.pem --sourcecert credentials/Alice_cert.pem  
     99--targetcert credentials/IdP1_cert.pem --targetscope `java -cp CH.jar util.GetPublicKeySha1Hash credentials/Alice_cert.pem` 
     100 
     101java -cp AbacTools.jar util.PodAddLink --sourcekey credentials/Bob_private.pem --sourcecert credentials/Bob_cert.pem  
     102--targetcert credentials/IdP1_cert.pem --targetscope `java -cp CH.jar util.GetPublicKeySha1Hash credentials/Bob_cert.pem` 
     103}}} 
     104 
     105=== Project Creation === 
     106 
     107A user with a GeniPI role can create a project. In our use-case Alice can request a PA to create a project. 
     108
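Review bot: The User Registration section (v3 lines 86-103) says the IdP generates and uploads `IdP.GeniUser <- Alice`, `IdP.GeniPI <- Alice` and `IdP.GeniUser <- Bob`, but shows only the user-side PodAddLink calls. Add the IdP-side command that issues these credentials, as the CreddyPod call at lines 51-52 does for the Project Authority. The rules name the issuer `IdP` while the commands use `IdP1_cert.pem`, so use one name or state that they are the same principal. "IdPs are shibboleth authenticated" at line 86 should say who is authenticated to whom, since it can be read as either the users or the IdP itself.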