Changes between Version 4 and Version 5 of GAPI_AM_API_V3/CommonConcepts
- Timestamp:
- 05/01/12 09:29:09 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GAPI_AM_API_V3/CommonConcepts
v4 v5 54 54 55 55 At least one subset of the credentials (e.g. a single SFA style slice credential) must authorize operations for the slice specified in `slice_urn` if that is an argument, or for the slice that contains the named slivers, if sliver urns are an argument, or a valid set of administrative credentials with sufficient privileges. When sliver_urns are supplied, all such slivers must belong to the same slice, over which the given credential set provides access. Credentials must be valid (signed by a valid GENI certificate authority either directly or by chain, not expired, and grant privileges to the client identified by the SSL client certificate). Each method requires specific privileges, which must be granted by the provided credentials. Note that the semantics of this argument is not clear: most implementations require a single credential to provide all needed privileges. Alternative interpretations might, for example, accumulate privileges from each valid credential to determine overall caller permissions. For details on GENI AM API format credentials, see [wiki:GeniApiCredentials the GENI wiki]. 56 57 Aggregates must advertise the type(s) of credentials they support, using a new entry in !GetVersion: 58 {{{ 59 geni_credential_types = <a list of structs>: [ 60 { 61 geni_type: <string, case insensitive>, 62 geni_version: <string containing an integer>, 63 <others fields optionally. EG A URL for more info, or a schema> 64 } 65 ] 66 }}} 67 68 ''sfa" slice credentials as defined pre AM API version 3 will have type=`geni_sfa` and version=`2`. "sfa" slice credentials as of AM API version 3 will be type=`geni_sfa`, version=`3`. 69 ABAC credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. 70 71 For example, an aggregate that accepts ABAC credentials, SFA slice credentials that were issued prior to AM API v3, and SFA slice credentials from AM API version 3, would include this in !GetVersion: 72 73 {{{ 74 geni_credential_types = [ 75 { 76 geni_type = "geni_sfa", 77 geni_version = "2" 78 }, 79 { 80 geni_type="geni_sfa", 81 geni_version = "3" 82 }, 83 { 84 geni_type="geni_abac", 85 geni_version="1" 86 } 87 ] 88 }}} 89 56 90 57 91 === `options` ===