Changes between Version 6 and Version 7 of GeniApiCertificates


Ignore:
Timestamp:
05/01/12 09:31:01 (12 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GeniApiCertificates

    v6 v7  
    9999  - Signers must have a URN indicating they are of type `authority`, as described in the [wiki:GeniApiIdentifiers URN wiki page]
    100100  - Signers must have namespace authority over the subject of the certificate
    101    - Essentially, The authority name of the signer must be a prefix of the subject name. EG: `a\.b` is an authority for, `a\.b.c.d`, but `a` is not an authority for, `a\.b.c.d` (the subject's name starts with `a.b`, where we've escaped the `.`). Also any authority name is an authority for itself.
     101   - Essentially, the authority name of the signer must be a prefix of the subject name. EG: `a\.b` is an authority for, `a\.b.c.d`, but `a` is not an authority for, `a\.b.c.d` (the subject's name starts with `a.b`, where we've escaped the `.`). Also any authority name is an authority for itself.
    102102
    103103For sample python code to validate GENI certificates, see http://git.planet-lab.org/?p=sfa.git;a=tree;f=sfa/trust;hb=HEAD, or the [http://trac.gpolab.bbn.com/gcf/ GCF package], under `gcf/src/sfa/trust`.