Changes between Version 11 and Version 12 of CrudgeDocs


Timestamp:
Apr 11, 2011 11:36:59 AM (13 years ago)
Author:
faber
Comment:

--

  • CrudgeDocs

    v11 v12  
    1919== Using Crudge ==
    2020
    21 This section describes navigating crudge.  We describe the screens, how to manipulate credentials, and how to load and save credential sets.  If everything seems intuitive to you, feel free to treat this reference as a tutorial.
     21This section describes navigating crudge.  We describe the screens, how to manipulate credentials, and how to load and save credential sets.  If everything seems intuitive to you, feel free to treat this tutorial as a reference.
    2222
    2323=== Crudge Screens ===
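Review bot: Line 21 writes the tool name as "crudge" while the heading on line 19 uses "Crudge"; pick one capitalisation and use it throughout the page. The same paragraph opens with "This section" and ends with "this tutorial", so the reworded closing sentence would read more cleanly if both referred to the page the same way.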
     
    2727[[Image(crudge_first.png)]]
    2828
    29 The left side of the screen holds the worldviews.  These are the views of credentials controlled by a given principal, and currently there is one worldview with all credentials visible.  Because there are no credentials loaded, there are none displayed.  The text entry box is used to restrict the view.  When a principal name is entered, only those credentials controlled by that principal are shown.  Multiple views can be shown simultaneously.
     29The left side of the screen holds the worldviews.  These are the views of credentials controlled by a given principal, and currently there is one worldview with all credentials visible.  Because there are no credentials loaded, there are none displayed.  The text entry box is used to restrict the view.  When a principal name is entered, only those credentials controlled by that principal are shown.  Multiple views can be shown simultaneously.  We describe how to manipulate worldviews [CrudgeDocs#WorkingWithWorldviews below].
    3030
    31 On the right is the results of the current query, which is used to test if a given principal has a given attribute/role.  The role is entered in the left text box and the principal in the right.  If the query is successful, the query success icon turns into a green smiling face; a failed query shows the red "X".
     31On the right is the results of the current query, which is used to test if a given principal has a given attribute/role.  The role is entered in the left text box and the principal in the right.  If the query is successful, the query success icon turns into a green smiling face; a failed query shows the red "X". Queries are discussed in more detail [CrudgeDocs#RunningAQuery below].
    3232
    33 These details are summarized below.
     33These input and output areas are summarized as:
    3434
    3535[[Image(crudge_first_annotated_test.png)]]
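Review bot: The new links on lines 29 and 31 point at CrudgeDocs#WorkingWithWorldviews and CrudgeDocs#RunningAQuery, but no heading with either title appears in the visible context, so confirm that both anchors resolve (the #LoadingCredentialGraphs link used elsewhere does match the heading at line 148). While line 31 is being touched, "On the right is the results" should be "On the right are the results", and the added sentence follows a single space where the rest of the paragraph uses two.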
     
    3737=== Viewing a Graph ===
    3838
    39 A credential graph represents a view of a set of ABAC credentials, for example the credentials that make up a proof or a policy.  There are several ways to load a proof (described in more detail below), but to see the basics load an example set of credentials from http://abac.deterlab.net/examples/rockets_intersection.zip .  Select "Open a URL" from the File menu and type http://abac.deterlab.net/examples/rockets_intersection.zip into the dialog box and hit return.  (You can also get the dialog box by typing Ctrl-U).
     39A credential graph represents a view of a set of ABAC credentials, for example the credentials that make up a proof or a policy.  There are several ways to load a proof (described in more detail [CrudgeDocs#LoadingCredentialGraphs below]), but to see the basics load an example set of credentials from http://abac.deterlab.net/examples/rockets_intersection.zip .  Select "Open a URL" from the File menu and type http://abac.deterlab.net/examples/rockets_intersection.zip into the dialog box and hit return.  (You can also get the dialog box by typing Ctrl-U).
    4040
    4141A set of credentials will appear layed out roughly as a tree.  You will probably need to move the boxes around a bit to see the structure.  You can move a vertex by putting the pointer on it, holding down the left mouse button and dragging the box. You can pan around the space by putting the pointer on the background, holding the left button and dragging the whole frame. With a little moving you should see something like the image below.
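Review bot: Line 39 spells out the example archive URL twice in consecutive sentences, and both use plain http; one mention followed by "type that URL into the dialog box" is enough, and an https URL is preferable if the host offers one. In the context line 41, "layed out" should be "laid out".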
     
    4343[[Image(batman.png)]]
    4444
    45 This set of credentials represents the policy of a company called Acme that is in the business of selling armaments to fictional characters.  There are four roles displayed and two principals.  The principals are the two blue circles labelled "Coyote" and "Batman".  The green rectangles are simple roles assigned by two principals not depicted ("Acme" and "WarnerBros").  A simple role is controlled by the principal to the left of the dot in the rectangle.  Acme controls Acme.preferred_customer.  WarnerBros controls WarnerBros.character.
     45This set of credentials represents the policy of a company called Acme that is in the business of selling armaments to fictional characters.  There are four roles displayed and two principals.  The principals are the two blue circles labelled "Coyote" and "Batman".  The green rectangles are simple roles assigned by two principals not depicted ("Acme" and "!WarnerBros").  A simple role is controlled by the principal to the left of the dot in the rectangle.  Acme controls Acme.preferred_customer.  !WarnerBros controls !WarnerBros.character.
    4646
    47 The red rectangle represents an intersection role, which is the logical conjunction of the two roles separated by the ampersand, in this case Acme.preferred_customer and WarnerBros.character.  A principal has an intersection role if it also has all of the individual roles.  When the prerequisites for an intersection role are met by a principal, crudge connects the principal to the intersection role with a dotted line.  In this example, Coyote has edges to both Acme.preferred_customer and WarnerBros.character, so it has a connection to the red role.
     47The red rectangle represents an intersection role, which is the logical conjunction of the two roles separated by the ampersand, in this case Acme.preferred_customer and !WarnerBros.character.  A principal has an intersection role if it also has all of the individual roles.  When the prerequisites for an intersection role are met by a principal, crudge connects the principal to the intersection role with a dotted line.  In this example, Coyote has edges to both Acme.preferred_customer and !WarnerBros.character, so it has a connection to the red role.
    4848
    49 The solid lines represent credentials, the dotted lines represent deductions.  This graph captures the idea that Acme will allow characters that are both its preferred customers and WarnerBros characters to buy rockets.
     49The solid lines represent credentials, the dotted lines represent deductions.  This graph captures the idea that Acme will allow characters that are both its preferred customers and !WarnerBros characters to buy rockets.
    5050
    5151There is another kind of role, a linking role, that is described in more detail in the [http://groups.geni.net/geni/wiki/TIEDABACModel ABAC description referenced above.]
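Review bot: Line 47 still reads "A principal has an intersection role if it also has all of the individual roles", where "also" has nothing to refer to; "if it has all of the individual roles" says what is meant. On line 51 the closing period sits inside the link label ("referenced above.]") and should move outside the bracket. The !WarnerBros escapes on lines 45, 47 and 49 are applied consistently.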
     
    5555The paths through this simple graph are easily traced by eye, but the query interface can be used to find the relevant paths through more tangled graphs.  We demonstrate the query interface on the graph loaded above.
    5656
    57 If a user enterd Acme.buy_rockets in the leftmost query box and Coyote in the other and hits enter, that requests a proof that Coyote has the Acme.buy_rockets role.  After that request is made (by hitting return) the query pane displays the following:
     57If a user enters Acme.buy_rockets in the leftmost query box and Coyote in the other and hits enter, that requests a proof that Coyote has the Acme.buy_rockets role.  After that request is made (by hitting return) the query pane displays the following:
    5858
    5959[[Image(coyote_query.png)]]
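Review bot: Line 57 names the same key two ways and states the action twice: "hits enter" in the first sentence and "(by hitting return)" in the second. Use one key name and drop the parenthetical, and make the sentence agree with itself, for example "If a user enters Acme.buy_rockets in the leftmost query box and Coyote in the other and hits enter, crudge is asked for a proof that Coyote has the Acme.buy_rockets role."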
     
    7575[[Image(tab.png)]]
    7676
    77 That's the single global view of the credentials.  Add another view by choosing Add Worldview from the View menu (or hitting Ctrl-A), and the screen will split horizontally into two views.  Type Acme into the text box on the lower view and you will see this:
     77That is the single global view of the credentials.  Add another view by choosing Add Worldview from the View menu (or hitting Ctrl-A), and the screen will split horizontally into two views.  Type Acme into the text box on the lower view and you will see this:
    7878
    7979[[Image(acme.png)]]
    8080
    81 The lower view shows only credentials controlled by the Acme principal.  The red role depends on a role outside Acme's control (WarnerBros.character), so in the Acme view, the derived (dotted) connection for the Coyote to the red role cannot be deduced.
     81The lower view shows only credentials controlled by the Acme principal.  The red role depends on a role outside Acme's control (!WarnerBros.character), so in the Acme view, the derived (dotted) connection for the Coyote to the red role cannot be deduced.
    8282
    8383Worldviews are simply filtered views of all the known credentials, and you may add as many as you need.
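Review bot: Line 81 has "the derived (dotted) connection for the Coyote to the red role"; Coyote is a principal name everywhere else on the page, so this should read "from Coyote to the red role". The rest of the paragraph is unchanged apart from the !WarnerBros escape and is fine.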
     
    8585=== Editing Credential Graphs ===
    8686
    87 Editing credential graphs is fairly straightforward.  When editing, crudge created any missing but implied roles and principals, and credentials can be assigned by drawing arcs between nodes.  For example, clear the current credentials by choosing "New" from the "File" menu, and then left click on the empty graph.  A menu with an "Add Vertex entry will appear.  Entering "test.a & test.b" and hit enter, will cause 4 nodes to appear in the graph (after a short wait).
     87Editing credential graphs is fairly straightforward.  When editing, crudge creates any missing but implied roles and principals, and credentials can be assigned by drawing arcs between nodes.  For example, clear the current credentials by choosing "New" from the "File" menu, and then left click on the empty graph.  A menu with an "Add Vertex" entry will appear.  Entering "test.a & test.b" and hit enter, will cause 4 nodes to appear in the graph (after a short wait).
    8888
    8989[[Image(edit1.png)]]
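Review bot: The last sentence of line 87 is still ungrammatical after the quote fix: 'Entering "test.a & test.b" and hit enter, will cause 4 nodes to appear'. Suggest 'Enter "test.a & test.b" and hit enter; 4 nodes will appear in the graph (after a short wait).'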
     
    125125
    126126Incoming edges to the red roles can only be created by crudge deducing them, but outgoing edges are allowed and useful.  You cannot assign a principal the Bob.a & Bob.b role, but if you assign a principal both Bob.a and Bob.b, crudge fills in the edge as above.
     127
     128=== Edge Types ===
     129
     130Edges in a graph represent the following credentials and implications:
     131
     132 * Solid black edge
     133   * A signed credential exists for this edge. 
     134   * Users can create these by holding the shift key down, pressing the left mouse button and dragging the arrow from one node to another.
     135 * Solid red edge
     136   * This edge represents a credential, but crudge does not have enough information (e.g. a private key) to create it.  The credential cannot be saved other than to an .rt0 file. Those files are described [CrudgeDocs#LoadingCredentialGraphs below].
     137   * Users can create these by holding the shift key down, pressing the left mouse button and dragging the arrow from one node to another.
     138 * Light blue edge
     139   * Edge selected for inclusion in a subgraph
     140   * Users can select edges by clicking on them with the left mouse button.  Multiple edges can be selected by holding down Ctrl while clicking
     141   * Users can use the "select all edges" button to select all edges from a successful query.
     142 * Dashed black edge
     143   * This is a deduced edge.  It connects a principal to an intersection or linking role.
     144   * Users cannot create these directly, but crudge will deduce them.
     145
     146
    127147
    128148== Loading Credential Graphs ==
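Review bot: Lines 134 and 137 give identical creation steps for solid black and solid red edges, so a reader cannot tell what makes a newly drawn edge black rather than red; line 136 implies it depends on whether crudge has the information (e.g. a private key) needed to create the credential, and that condition should be stated under both bullets. Line 143 calls deduced edges "dashed" while line 49 calls them "dotted", so pick one term. Lines 139 and 140 lack the closing periods used in the other bullets, and lines 145 and 146 add two blank lines where one is enough.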
     
    169189Neither of those check boxes are relevant to .rt0 files, because they contain no cryptographic material.
    170190
     191==
     192
    171193== Conclusion ==
    172194
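Review bot: Added line 191 is a bare "==" with no title, which looks like a stray heading marker left in front of "== Conclusion =="; remove it together with the blank line 192. In the context line 189, "Neither of those check boxes are relevant" should be "is relevant".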