GENI tools must communicate with GENI services (member authorities, slice authorities, aggregate managers, etc.) via SSL with a client-side certificate. Tools that run on the experimenter's computer can use the experimenter's certificate and private key for these communications because they are under the control of the experimenter. Tools that run on remote servers ("hosted tools"), such as web-based tools or long-running services, should use their own certificate and private key for secure communications. When hosted tools want to invoke GENI services on behalf of experimenters, they should use a "speaks-for" credential provided to them by the experimenter.