Changes between Version 6 and Version 7 of GeniApiCertificates
- Timestamp:
- 05/01/12 09:31:01 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GeniApiCertificates
v6 v7 99 99 - Signers must have a URN indicating they are of type `authority`, as described in the [wiki:GeniApiIdentifiers URN wiki page] 100 100 - Signers must have namespace authority over the subject of the certificate 101 - Essentially, The authority name of the signer must be a prefix of the subject name. EG: `a\.b` is an authority for, `a\.b.c.d`, but `a` is not an authority for, `a\.b.c.d` (the subject's name starts with `a.b`, where we've escaped the `.`). Also any authority name is an authority for itself.101 - Essentially, the authority name of the signer must be a prefix of the subject name. EG: `a\.b` is an authority for, `a\.b.c.d`, but `a` is not an authority for, `a\.b.c.d` (the subject's name starts with `a.b`, where we've escaped the `.`). Also any authority name is an authority for itself. 102 102 103 103 For sample python code to validate GENI certificates, see http://git.planet-lab.org/?p=sfa.git;a=tree;f=sfa/trust;hb=HEAD, or the [http://trac.gpolab.bbn.com/gcf/ GCF package], under `gcf/src/sfa/trust`.