Changes between Version 11 and Version 12 of OldFeddAbout

Timestamp:

Jun 5, 2010 10:32:52 AM (14 years ago)

Author:

faber

Comment:

--

OldFeddAbout

@@ -133 +133 @@
 other entities in the system are identified by a single fedid.
 
-== Granting Access: Emulab Projects ==
-
-Once a fedd has decided to grant a researcher access to resources, it
+== Granting Access ==
+
+An access controller is responsible for mapping from the global identifier space into the local access control of the testbed
+This may mean mapping a request into a local Emulab project and user, a local DRAGON certificate, or a local [http://www.protogeni.net/trac/protogeni ProtoGENI] certificate.  As other plugins are added other mappings will appear
+
+=== Emulab Projects ===
+
+Once an access controller managing an Emulab has decided to grant a researcher access to resources, it
 implements that decision by granting the researcher access to an Emulab
 project with relevant permissions on the local testbed.  The terminology
-is somewhat unfortunate in that the fedd is configured to grant access
+is somewhat unfortunate in that the access controller is configured to grant access
 based on the global three-level name that includes project and user
 components and implements that decision by granting access to a local
@@ -156 +161 @@
 basis may not appeal to some users.  However, static projects require
 some administrator investment per-project.
+
+=== Certificate Systems: DRAGON and ProtoGENI ===
+
+Access controllers on these systems map the request into a flat space of X.509 certificates and keys that provide the identity for these identity based systems.  Unlike the self-signed certificates representing [FeddAbout#GlobalIdentifiers:Fedids fedids], these are full X.509 certificates used to establish a chain of trust.  Different global users are mapped into certificates and keyes that match the access level intended.
 
 = Experiments =