Changes between Version 4 and Version 5 of GAPI_AM_API_V3/CommonConcepts


Ignore:
Timestamp:
05/01/12 09:29:09 (12 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GAPI_AM_API_V3/CommonConcepts

    v4 v5  
    5454
    5555At least one subset of the credentials (e.g. a single SFA style slice credential) must authorize operations for the slice specified in `slice_urn` if that is an argument, or for the slice that contains the named slivers, if sliver urns are an argument, or a valid set of administrative credentials with sufficient privileges. When sliver_urns are supplied, all such slivers must belong to the same slice, over which the given credential set provides access. Credentials must be valid (signed by a valid GENI certificate authority either directly or by chain, not expired, and grant privileges to the client identified by the SSL client certificate). Each method requires specific privileges, which must be granted by the provided credentials. Note that the semantics of this argument is not clear: most implementations require a single credential to provide all needed privileges. Alternative interpretations might, for example, accumulate privileges from each valid credential to determine overall caller permissions. For details on GENI AM API format credentials, see [wiki:GeniApiCredentials the GENI wiki].
     56
     57Aggregates must advertise the type(s) of credentials they support, using a new entry in !GetVersion:
     58{{{
     59geni_credential_types = <a list of structs>: [
     60  {
     61   geni_type: <string, case insensitive>,
     62   geni_version: <string containing an integer>,
     63   <others fields optionally. EG A URL for more info, or a schema>
     64  }
     65]
     66}}}
     67
     68''sfa" slice credentials as defined pre AM API version 3 will have type=`geni_sfa` and version=`2`. "sfa" slice credentials as of AM API version 3 will be type=`geni_sfa`, version=`3`.
     69ABAC credentials as of AM API version 3 will be type=`geni_abac`, version=`1`.
     70
     71For example, an aggregate that accepts ABAC credentials, SFA slice credentials that were issued prior to AM API v3, and SFA slice credentials from AM API version 3, would include this in !GetVersion:
     72
     73{{{
     74geni_credential_types = [
     75  {
     76   geni_type = "geni_sfa",
     77   geni_version = "2"
     78  },
     79  {
     80   geni_type="geni_sfa",
     81   geni_version = "3"
     82  },
     83  {
     84   geni_type="geni_abac",
     85   geni_version="1"
     86  }
     87]
     88}}}
     89
    5690
    5791=== `options` ===