Changes between Version 42 and Version 43 of AaronHelsinger/GAPI_AM_API_DRAFT


Ignore:
Timestamp:
04/04/12 11:55:57 (7 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • AaronHelsinger/GAPI_AM_API_DRAFT

    v42 v43  
    4040Given that, readers of this page should focus on Change Sets F, G, I, K, and M.
    4141
    42 At the top level, the proposed changes for AM API v3 include:
    43  - [#ChangeSetC:UpdateSlivers Change Set C]: ''On hold'' (waiting for a revised proposal). Add the ability to !UpdateSlivers to immediately modify your reservation
     42Proposals currently under discusion:
    4443 - [#ChangeSetD:Sliver-specificoperations Change Set D: Slivers]: ''Partially superseded.'' Change methods to clarify that there may be multiple slivers per slice at an AM, and to allow operating on individual slivers
    45  - [#ChangeSetE:Tickets Change Set E: Tickets]: ''On hold'' (waiting for a revised proposal). Add methods using tickets to do negotiated reservations
    46  - [#ChangeSetF1:DefineSliverStates Change Set F1]: ''Superseded'' by F3 and F4: Define sliver states, and the state changes that various methods cause
    47  - [#ChangeSetF2:ActOnSlivers Change Set F2]: ''Superseded'' by F3 and F4: Add a new general !ActOnSlivers method allowing AMs to support AM and resource-type specific operations
    4844 - [#ChangeSetF3:SliverAllocationStatesandmethods Change Set F3]: Sliver Allocation States and methods
    4945 - [#ChangeSetF4:SliverOperationsMethod Change Set F4]: Method to perform Sliver Operational actions
    5046 - [#ChangeSetF5:SliverOperationalStates Change Set F5]: Sliver Operational States
     47 - [#ChangeSetM:NewMethodSignatures Change Set M]: New method signatures, incorporating all previous adopted change sets
     48
     49We are awaiting new proposals on !UpdateSlivers, and the semantics of adding multiple sets of resources to a slice at an aggregate.
     50
     51Proposals previously adopted:
    5152 - '''ADOPTED''': [#Adopted:ChangeSetG:Credentialsaregeneralauthorizationtokens. Change Set G]: Generalize the credentials argument, allowing ABAC support
    52  - Change Set H: Clarify: A second call to !CreateSlivers without an intervening !DeleteSlivers is an error.
    5353 - '''ADOPTED''': Change Set I1: !SliversStatus return structure includes sliver expiration
    5454 - '''ADOPTED''' with changes: Change Set I2: !SliversStatus return includes SSH logins/key for nodes that support SSH access
    5555 - '''ADOPTED''': Change Set I3: !CreateSlivers return becomes a struct, adds sliver expiration
    56  - Change Set I4: !CreateSlivers optionally does not start resources.
    57  - ''Withdrawn'': [#Withdrawn:ChangeSetJ Change Set J]: Support proxy aggregates with 1 new option and 1 new !GetVersion entry
    5856 - '''ADOPTED''': [#Adopted:ChangeSetK:Standardizecertificatesandcredentials Change Set K]: Standardize certificate contents, etc
    5957  - Include a real serial number, holder email, holder uuid, and optionally authority URL in certificates
     
    6159  - Define slice name, sliver name, and user name restrictions, and similar for URNs
    6260  - Publish schemas for credentials and certificates
    63  - ''Postponed'': [#ChangeSetL:ChangeSFAcredentialsprivileges Change Set L]: Standardize slice credential privileges
    64  - [#ChangeSetM:NewMethodSignatures Change Set M]: New method signatures, incorporating all previous adopted change sets
    65 
    66 For a  full listing of the proposed API methods after all these changes, see [#Changesummary-methodsignatures below].
     61
     62For a  full listing of the proposed API methods after all these changes, see [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/MethodSignatures the Method Signatures Summary page].
     63
     64Older proposals, withdrawn, superseded, or postponed:
     65 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetC:UpdateSlivers Change Set C]: ''On hold'' (waiting for a revised proposal). Add the ability to !UpdateSlivers to immediately modify your reservation
     66 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetE:Tickets Change Set E: Tickets]: ''On hold'' (waiting for a revised proposal). Add methods using tickets to do negotiated reservations
     67 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetF1:DefineSliverStates Change Set F1]: ''Superseded'' by F3 and F4: Define sliver states, and the state changes that various methods cause
     68 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetF2:ActOnSlivers Change Set F2]: ''Superseded'' by F3 and F4: Add a new general !ActOnSlivers method allowing AMs to support AM and resource-type specific operations
     69 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetH Change Set H]: ''Superseded by F3'': Clarify: A second call to !CreateSlivers without an intervening !DeleteSlivers is an error.
     70 - [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetI4 Change Set I4]: ''Superseded by F3 and F4'': !CreateSlivers optionally does not start resources.
     71 - ''Withdrawn'': [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#Withdrawn:ChangeSetJ Change Set J]: Support proxy aggregates with 1 new option and 1 new !GetVersion entry
     72 - ''Postponed'': [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/Archive#ChangeSetL:ChangeSFAcredentialsprivileges Change Set L]: Standardize slice credential privileges
    6773
    6874== Unspecified items ==
     
    7379 - Define error codes returned by new methods, conditions
    7480
    75 -----
    76 
    77 = Change Set C: !UpdateSlivers =
    78 Add an ability for experimenters to modify their allocated resources at an aggregate without deleting (and possibly losing) existing resource allocations.
    79 
    80 This change was briefly discussed at GEC13, and is a topic for ongoing discussion.
    81 
    82 == Motivation ==
    83 A common complaint among experimenters about the current AM API is that there is no way to add or remove resources from a slice at an aggregate, without completely deleting the slice at that aggregate and recreating it, possibly losing resources to another experimenter and certainly losing state. This proposal aims to address that, by introducing a method to update the slice at an aggregate.
    84 
    85 The  [http://svn.planet-lab.org/attachment/wiki/WikiStart/sfa.pdf SFA] calls for an !UpdateSlice method, "to request that additional resources—as specified in the RSpec—be allocated to the slice".
    86 
    87 In the !PlanetLab implementation of the SFA, !UpdateSliver is in fact a synonym for !CreateSliver - the server will ensure that your allocated resources match your request RSpec, adding, removing and modifying resources as needed. It immediately allocates and boots nodes to match the request RSpec.
    88 
    89 The ProtoGENI CMV2 API has [http://www.protogeni.net/trac/protogeni/wiki/ComponentManagerAPIV2#UpdateSliver UpdateSliver], which is described as the way to "Request a change of resuorces for an existing sliver. The new set of resources that are desired are specified in the rspec." At ProtoGENI as at !PlanetLab, this method takes the full RSpec description of resources the experimenter wants, and the server computes the difference with what the experimenter already has. At ProtoGENI though, this method returns a ticket. The experimenter must then redeem the ticket to actually acquire the resources.
    90 
    91 This topic was discussed at the [http://groups.geni.net/geni/wiki/GEC12GeniAmAPI GEC12 AM API session] and on the GENI dev mailing list (in [http://lists.geni.net/pipermail/dev/2011-October/000433.html October] and [http://lists.geni.net/pipermail/dev/2011-November/000531.html November]).
    92 
    93 This topic was also discussed on the geni-dev mailing list here: http://lists.geni.net/pipermail/dev/2012-March/000588.html and here: http://lists.geni.net/pipermail/dev/2012-March/000643.html and elsewhere in March 2012.
    94 
    95 A competing related proposal from Gary Wong is here: http://www.protogeni.net/trac/protogeni/wiki/AM_API_proposals
    96 
    97 A further revised proposal is expected from Jon Duerig.
    98 
    99 == !UpdateSlivers ==
    100 This change would add a new method !UpdateSlivers, which takes a full request RSpec of the desired final state of the slice at this aggregate. This proposal calls for adding this functionality in the context of tickets: the !UpdateSlivers method returns a ticket. See [#ChangeSetE:Tickets Change Set E: Tickets] for details.
    101 
    102 Some points about this change:
    103  - The method takes a full request RSpec - not a diff.
    104   - Note that we want the manifest to be readily modifiable to be a request (include component_ids and sliver_ids), but it is not yet.
    105   - AMs may, as always, return {{{UNSUPPORTED}}} - EG if they are incapable of determining what changes to apply (computing a diff).
    106  - The request is either fully satisfied, or fails (returns an error code).
    107  - AMs must document the level of service they provide: will any state be lost on existing resources?
    108  - Options includes {{{geni_end_time}}}, a RFC3339 requested end time for the reservation. See below for details.
    109   - If omitted, the AM may reserve the resources for the default sliver duration.
    110   - AMs should follow the logic of !RenewSlivers to determine if the requested duration of the sliver is acceptable.
    111   - The request should Fail (return an error code) if the resources cannot be reserved until the requested time.
    112 
    113 Aggregates and experimenters should use an RSpec extension for specifying a guarantee on state loss per-resource:
    114 EG:
    115 {{{
    116   <node ... sliver_id="urn:publicid:IDN+jonlab.tbres.emulab.net+sliver+250">
    117     <sliver_type name="raw-pc"/>
    118 ...
    119     <preserve:preserve guarantee="persistent-state" />
    120   </node>
    121 }}}
    122 
    123 This uses the RNC schema:
    124 {{{
    125 default namespace = "http://www.protogeni.net/resources/rspec/ext/preserve/1"
    126 
    127 # This is meant to extend a node or link
    128 Preserved = element preserve {
    129   attribute guarantee { "none" | "persistent-state" |
    130                         "dynamic-state" | "no-disruption" }
    131 }
    132 
    133 start = Preserved
    134 }}}
    135 
    136 In the above schema, the states represent increasing levels of state preservation guarantee.
    137 
    138 {{{
    139 struct UpdateSlivers(string slice_urn, string credentials[], string rspec,
    140                                                  struct options)
    141 }}}
    142 
    143 Returns a struct:
    144 {{{
    145 {
    146   ticket: <string, the ticket>
    147   geni_status: <string, the sliver state - ticketed>,
    148  <others that are AM specific>
    149 }
    150 }}}
    151 
    152 See [#ChangeSetE:Tickets Change Set E: Tickets] for details on the ticket returned and ticket semantics.
     81----
     82
    15383
    15484= Change Set D: Sliver-specific operations =
     
    199129Open Question: Should the methods take a list of urns, 1 of which may be a slice_urn?
    200130
    201 = Change Set E: Tickets =
    202 AM APIv3 adds support for negotiated reservations or two-phase commit, by '''add'''ing methods that allow an experimenter to reserve resources for a slice without committing to using them, or forcing the AM to incur the cost of instantiating them.
    203 
    204 This change is actively under discussion. See for example http://lists.geni.net/pipermail/dev/2012-March/000616.html and http://lists.geni.net/pipermail/dev/2012-March/000648.html
    205 
    206 For an alternative proposal, see: http://www.protogeni.net/trac/protogeni/wiki/AM_API_proposals
    207 
    208 The later proposal for allocation states (below) supersedes this. See [#ChangeSetF3:SliverAllocationStatesandmethods Change Set F3].
    209 
    210 == Motivation ==
    211 This possible change was discussed at the [http://groups.geni.net/geni/wiki/GEC12GeniAmAPI GEC12 AM API session].
    212 
    213 The [http://svn.planet-lab.org/attachment/wiki/WikiStart/sfa.pdf SFA] defines the concept of a ticket. SFA1.0 section 5.3 says "A component signs an RSpec to produce a ticket, indicating a promise by the component to bind resources to the ticket-holder at some point in time." Tickets are promises to allocate resources.
    214 
    215 Tickets are used in the [http://www.protogeni.net/trac/protogeni/wiki/ComponentManagerAPIV2 ProtoGENI CMV2 interface], and are discussed on  [http://www.protogeni.net/trac/protogeni/wiki/Tickets the PG wiki]. Tickets with a slightly different semantics (and leases) are also used extensively in Orca. For details on the use of leases and tickets in Orca, see [https://geni-orca.renci.org/trac/attachment/wiki/WikiStart/ORCA%20Book.pdf 'the Orca Book']. However, each of these uses of the notion of tickets differs.
    216 
    217 Tickets would potentially enable a number of useful and possibly critical features:
    218  - Coordinated or negotiated reservations: reserving resources from aggregate B only if aggregate A can give you a complementary resource. For example, a VLAN tag. This is related to stitching, both network stitching and the more general form.
    219  - Two phase commit reservations (similar to the above).
    220  - Scheduled reservations in the future.
    221  - Brokers: 3rd parties consolidating, scheduling and allocating resources on behalf of a number of other aggregates
    222  - Lending resources to other experimenters
    223  - Giving experimenters explicit control over when resources are started, stopped, and restarted (see the discussion on !UpdateSliver).
    224 
    225 == Tickets semantics ==
    226 This proposal would add tickets to the existing AM API, allowing experimenters to reserve (hold) resources temporarily and cheaply. Tickets represent a promise to the named slice to allocate the specified resources, if the ticket is 'redeemed' while the ticket is still valid. Tickets describe a complete specification of the resources that will be allocated to the slice at this aggregate, if the ticket is redeemed.
    227 
    228 Some key properties of the tickets proposed here:
    229  - Tickets are IOUs from an AM to a slice (not to an experimenter - no delegation is necessary or possible).
    230  - Experimenters do not need to use tickets to reserve resources: existing methods without tickets still work.
    231  - A ticket is a promise by the AM to give the specified resources to the slice if an authorized slice member requests them.
    232   - The aggregate is saying they will not give away these resources to other slices, but only to this slice.
    233   - AMs must document how firm their promises are. See the attribute {{{geni_ticket_service_class}}}. 
    234    - Some aggregates may only offer soft promises, as in PlanetLab.
    235  - Tickets are signed by the AM: non repudiatable.
    236  - Tickets are bound to a slice: they contain the slice certificate.
    237  - Tickets may be passed from 1 researcher on a slice to another freely - no explicit delegation is required.
    238   - Indeed, any experimenter with appropriate slice credentials can retrieve the ticket from the aggregate.
    239   - Tickets may not be delegated to another slice or other entity; these tickets do not support brokers.
    240  - Tickets promise a particular set of resources: they include an RSpec. Note that this may be an unbound RSpec.
    241   - Note that we do not currently have unbound manifest RSpecs. For now we specify only that this is an RSpec.
    242  - Tickets are good for a limited time.
    243   - They must be redeemed by a specified time, {{{redeem_before}}}, after which the aggregate is free to assign the resources elsewhere.
    244    - Aggregates determine {{{redeem_before}}}, which is some epsilon in the near future.
    245    - Aggregates may accept a new option {{{geni_reserve_until}}} which is a request for a particular {{{redeem_before}}}, but are not required to support this (they may ignore the option).
    246   - Tickets specify when the resources will be available from ({{{starts}}}, typically essentially now), and when they will be available until (typically now plus the aggregate-local default sliver expiration time).
    247     - The resources may be available even longer, but that would require a separate !RenewSlivers call.
    248  - Tickets specify the full final state of the slice after applying this ticket.
    249   - Tickets are not incremental changes, and are not additive.
    250   - The implication is that there may be only 1 ticket outstanding for a slice per aggregate (except for scheduled reservations, see below).
    251   - This also implies that these tickets are not suitable for use by brokers.
    252  - Aggregates must attempt to honor their promises. As a result, aggregates must remember all outstanding tickets until they are redeemed or expire.
    253  - All ticket related timestamps must be in the format of RFC3339 (http://www.ietf.org/rfc/rfc3339.txt)
    254   - Full date and time with explicit timezone: offset from UTC or in UTC.
    255   - eg: {{{1985-04-12T23:20:50.52Z}}} or {{{1996-12-19T16:39:57-08:00}}}
    256 
    257 {{{
    258 #!comment
    259 
    260 == Ticket contents ==
    261 Tickets have an ID, the certificate of the slice to whom the resources are promised, an RSpec representing the promised resources, several timestamps, other attributes, and a signature by the aggregate (including the aggregate's certificate).
    262 
    263 Tickets are externally represented as signed XML documents following the [http://www.w3.org/TR/xmldsig-core/ XML Digital Signatures specification].
    264 
    265 Tickets contain:
    266  - {{{owner_gid}}} = the certificate of the experimenter who requested the ticket
    267  - {{{target_gid}}} = slice certificate
    268  - {{{uuid}}}
    269   - Unique ID for the ticket, in the hexadecimal digit string format given in [http://www.ietf.org/rfc/rfc4122.txt RFC 4122]
    270  - {{{expires}}} - RFC3339 compliant Date/Time when the resources will no longer be yours per this reservation (eg sliver duration+now)
    271  - {{{redeem_before}}}: RFC3339 compliant Date/Time when you must redeem this reservation, or your resources will be returned to the available pool (eg now+epsilon)
    272  - {{{starts}}} - RFC3339 compliant Date/Time when the resources will be yours, per this reservation (eg now)
    273  - RSpec (not specified as request or manifest)
    274  - Attributes (AM/resource-type specific name/value pairs)
    275   - Including {{{geni_ticket_service_class}}} as defined below, to indicate the firmness of the promise this ticket represents
    276  - signature including issuing AM's certificate
    277 
    278 More formally:
    279 {{{
    280 {
    281  owner_gid = <the certificate of the experimenter who requested the ticket>,
    282  target_gid = <slice certificate, following GENI AM API certificate specification>,
    283  uuid = <RFC 4122 compliant string>,
    284  expires = <RFC3339 compliant Date/Time when the resources will no longer be yours per this reservation (eg sliver duration+now)>,
    285  redeem_before = <RFC3339 compliant Date/Time when you must redeem this reservation, or your resources will be returned to the available pool (eg now+epsilon)>,
    286  starts = <RFC3339 compliant Date/Time when the resources will be yours, per this reservation (eg now)>,
    287  rspec = <RSpec (not specified as request or manifest)>,
    288  attributes = {
    289     geni_ticket_service_class = <string>,
    290     <others>
    291   },
    292   signature
    293 }
    294 }}}
    295 
    296 Tickets should include the {{{geni_ticket_service_class}}} attribute for advertising the firmness of the promise that a ticket represents (case insensitive string or integer).
    297  - FIXME: Provide definitions for these service classes.
    298  - 1=WEAK_EFFORT
    299  - 2=BEST_EFFORT
    300  - 3=ELASTIC_RESERVATION
    301  - 4=HARD_RESERVATION
    302 
    303 Tickets will follow a defined schema, to be published on geni.net.
    304 
    305 Tickets logically have a URN (not included in the ticket): {{{urn:publicid:IDN+<AM name>+ticket+<uuid>}}}
    306 
    307 For a similar structure in ProtoGENI, see https://www.protogeni.net/trac/protogeni/attachment/wiki/Authentication/credential.rnc
    308 
    309 == Methods ==
    310  1. !GetTicket
    311 {{{
    312 struct GetTicket (string slice_urn, string credentials[], string requestRSpec,
    313                            struct options)
    314 }}}
    315  - Get a ticket promising resources requested in the rspec.
    316  - If there is already an outstanding ticket for the slice, an error is returned.
    317  - Return: ticket
    318  - Result State: {{{ticketed}}}
    319  - Options may include {{{geni_start_time}}} and {{{geni_end_time}}} (see below)
    320  2. !RedeemTicket
    321 {{{
    322 struct RedeemTicket(string slice_urn, string credentials[], string ticket,
    323                                  struct users[] (as in CreateSlivers), struct options)
    324 }}}
    325  - Return:
    326 {{{
    327 {
    328  string rspec=<manifest>,
    329  string geni_start_time=<optional (may be omitted altogether): now if not specified>,
    330  string geni_expires=<RFC3339 sliver expiration>,
    331  string geni_status=<sliver state - allocated (or optionally changing or ready)>,
    332  <others that are AM specific>
    333 }
    334 }}}
    335  - Begin allocating the resources promised in the ticket.
    336  - Option {{{geni_auto_start}}}:
    337   - If supplied and true (boolean: 0 or 1 in XML-RPC), the aggregate automatically start/restarts resources as necessary, as though the experimenter called !ActOnSlivers(start).
    338    - State will be {{{changing}}} and then {{{ready}}}
    339   - If omitted the aggregate does not start resources (default behavior). The final state is {{{allocated}}}, and the experimenter must explicitly start or restart resources using !ActOnSlivers
    340   - Note that resources which do not require a 'start' may already be {{{ready}}} on normal return from !RedeemTicket.
    341  - Omitting the ticket causes the aggregate to redeem the outstanding ticket for this slice if any. If none, return an error code.
    342  - The ticket must be valid: not expired or previously redeemed or replaced. If so, an error is returned.
    343 
    344  3. !ReleaseTicket
    345 {{{
    346 struct ReleaseTicket(string slice_urn, string credentials[], string ticket, struct options)
    347 }}}
    348  - Give up the reservation for resources.
    349  - Return: true (1 in XMLRPC) or error
    350  - Omitting the ticket causes the aggregate to release the 0 or 1 outstanding tickets for this slice.
    351  - If this ticket was from !UpdateSlivers, then the sliver returns to the {{{allocated}}} state and existing resources are not modified.
    352 
    353  4. !UpdateTicket
    354 (atomic release/get)
    355 {{{
    356 struct UpdateTicket(string slice_urn, string credentials[], string requestRSpec,
    357                                 string ticket, struct options)
    358 }}}
    359  - For updating a reservation in place, replacing one ticket with a new one. On success, the old ticket is invalid.
    360  - Return: Ticket
    361  - Result State: {{{ticketed}}}
    362  - Options may include {{{geni_start_time}}} and {{{geni_end_time}}} (see below)
    363  - The ticket must be valid: not expired or previously redeemed or replaced. If so, an error is returned.
    364 
    365  5. !UpdateSlivers
    366 {{{
    367 struct UpdateSlivers(string slice_urn, string credentials[], string requestRSpec,
    368                                                  struct options)
    369 }}}
    370  - Returns a struct:
    371 {{{
    372 {
    373   string ticket=<ticket>
    374   string geni_status=<sliver state - ticketed>,
    375  <others that are AM specific>
    376 }
    377 }}}
    378  - Get a promise for resources that would replace currently allocated resources, as defined in [#ChangeSetC:UpdateSlivers Change Set C].
    379  - Result State: {{{ticketed}}}
    380  - On completion, the slice has both a ticket and a set of slivers at this aggregate. Overall it is both {{{allocated}}} and {{{ticketed}}}, which is called {{{ticketed}}}.
    381  - Options may include {{{geni_start_time}}} and {{{geni_end_time}}}, a RFC3339 requested start and end time for the reservation (option not required).
    382    - The request should Fail (return an error code) if the resources cannot be reserved from or until the requested time.
    383  - The method takes a full request RSpec - not a diff.
    384   - AMs may, as always, return {{{UNSUPPORTED}}} - EG if they are incapable of determining what changes to apply (computing a diff).
    385  - The request is either fully satisfied, or fails (returns an error code).
    386  - For further details on the !UpdateSlivers semantics, see [#ChangeSetC:UpdateSlivers Change Set C].
    387 
    388 For a similar set of functions in ProtoGENI, see: https://www.protogeni.net/trac/protogeni/wiki/ComponentManagerAPIV2
    389 
    390 == Other changes to support tickets ==
    391  - !CreateSlivers remains the first call: do not use it to add resources to the slice.
    392  - !ListResources return value changes to be:
    393 {{{
    394 {
    395    string rspec (ad or Manifest - may be empty though)
    396    string tickets[] (required but may be an empty list)
    397 }
    398 }}}
    399  - For !ListResources with no {{{slice_urn}}}, {{{tickets}}} shall be an empty list, and rspec shall be an ad RSpec.
    400  - For !ListResources with a {{{slice_urn}}}, {{{rspec}}} is the manifest RSpec for everything belonging to that slice at this AM, if anything is currently allocated (not just a ticket). {{{tickets}}} is then any outstanding ticket(s) for this slice.
    401 
    402 == Scheduling support using Tickets ==
    403 This ticket structure and methods, with small additions, supports using tickets for scheduling. This proposal does not require support for scheduling at aggregates.
    404 
    405  - We are not explicitly supporting scheduling, but the timestamps here should be sufficient.
    406  - !GetTicket, !CreateSlivers, !ListResources, !UpdateTicket, !UpdateSlivers all accept new RFC3339 compliant {{{geni_start_time}}} and {{{geni_end_time}}} options to support scheduling in the future.
    407   - For !GetTicket and !CreateSlivers, if left out then the reservation start is 'now or really soon' and the end is start plus the default sliver duration.
    408   - AMs that do not support scheduling return {{{UNSUPPORTED}}} when passed {{{geni_start_time}}}.
    409   - AMs should still support {{{geni_end_time}}}, following the logic of !RenewSlivers to determine if the requested duration of the sliver is acceptable.
    410    - IE at !CreateSlivers and !GetTicket and !UpdateSlivers in particular
    411    - The request should Fail (return an error code) if the resources cannot be reserved until the requested time.
    412  - {{{redeem_before}}} in tickets should be {{{starts}}}+epsilon. That epsilon is AM specific, but typically a small number of minutes.
    413  - Multiple tickets may be outstanding for a single slice at a single AM only for non overlapping time intervals.
    414   - IE you could request 2 tickets: 1 for machines 1-3 on Tuesday and simultaneously request 1 for machines 4-6 on Thursday.
    415  - These options are accepted in !ListResources as well.
    416   - Specifying {{{geni_start_time}}} means tell me what will be available at that time. Default is now.
    417   - Specifying both {{{geni_end_time}}} and {{{geni_start_time}}} means show me only things available for that entire duration.
    418 
    419 }}}
    420 
    421 -----
     131
    422132= Change Set F: Support AM and resource-type specific methods. =
    423133Define the control API (the AM API) as about moving slivers through various states at an AM.
    424134
    425 The proposal here elicited concerns (the method !ActOnSlivers is an ioctl, and the states mix allocation and operational states).
     135The proposal originally here elicited concerns (the method !ActOnSlivers is an ioctl, and the states mix allocation and operational states).
    426136
    427137A later alternative proposal, see http://lists.geni.net/pipermail/dev/2012-March/000721.html
     
    429139At the GEC13 coding sprint, a variant on the above was approved. It is documented here as [#ChangeSetF3:SliverAllocationStatesandmethods Change Set F3].
    430140
    431 A variant on the operational states proposal is defines as Change Set F4 and documented here: https://openflow.stanford.edu/display/FOAM/GENI+-+PerformOperationalAction
     141A variant on the operational states proposal is defined as Change Set F4 and documented here: https://openflow.stanford.edu/display/FOAM/GENI+-+PerformOperationalAction
    432142
    433143== Motivation ==
    434144AM API methods logically change the state of the slivers at this AM. But the API is not clear what experimenters should expect, and does not provide easy ways for experimenters to control when and how states change. There is in particular no way to move slivers through states and change them in ways otherwise undefined by the API.
    435145
    436 == Change Set F1: Define Sliver States ==
    437 '''This change is superseded by Change Sets F3 and F4.'''
    438 
    439 Currently the AM API defines several possible states as valid returns in !SliversStatus: {{{configuring}}}, {{{ready}}}, {{{unknown}}}, and {{{failed}}}. This change changes and expands that list of valid states, and explicitly defines the expected states after each AM API method call. Additionally, this change provides a mechanism for aggregates to supply their own states.
    440 
    441 The GENI AM API can be thought of as manipulating slivers. As such, each method potentially changes the state of 1 or more slivers. With the changes proposed here, several of the methods return a new {{{geni_status}}} field, whose value is one of the standard GENI sliver status values. Aggregates must use one of the standard GENI values for that return.
    442 
    443 == Change Set F2: !ActOnSlivers ==
    444 '''This change is superseded by Change Sets F3 and F4.'''
    445 
    446 This change introduces a new method, providing a generic way to act on slivers in an AM or resource type specific way. This method shall be used to 'start' or 'stop' or 'restart' resources that have been allocated but not started by !CreateSlivers or !RedeemTicket. It may also be used to change the state of slivers (or their contained resources) in an aggregate or resource specific way. Some aggregates may use this method to change configuration details of allocated resources. This might include changing acceptable login keys.
    447146
    448147== Change Set F3: Sliver Allocation States and methods ==
     
    614313
    615314 - An AM must pick credentials out of the list that it understands and be robust to receiving credentials it does not understand.
    616   - Current slice and user credentials will be recognizable for following the schema defined in [#ChangeSetK:Standardizecertificatesandcredentials Change Set K].
     315  - Current slice and user credentials will be recognizable for following the schema defined in [#Adopted:ChangeSetK:Standardizecertificatesandcredentials Change Set K].
    617316 - AMs are required to continue to accept current-format credentials.
    618317  - In particular, a single standard slice credential remains sufficient for most authorization policies.
     
    681380Modify a few existing methods to make certain operations easier or more experimenter friendly.
    682381
    683 == Change Sets H&I: Misc other method changes ==
    684  - '''Change Set H''': A second call to !CreateSlivers without an intervening !DeleteSlivers is an error.
    685   - This change just clarifies expected behavior that was left under-specified in AM API v1.
    686   - !CreateSlivers takes a full Ad RSpec, it is not a way to 'add' resources.
    687   - Silently replacing the existing slivers with new slivers (similar to a call to !UpdateSlivers) is not acceptable.
     382== Change Set I: Misc other method changes ==
    688383
    689384 - '''Adopted: Change Set I1''': Add {{{geni_expires}}} to return from !SliversStatus for whole slice and then each sliver
     
    697392This change standardizes behavior so experimenters can readily find how to log in to reserved resources. Aggregates that allocate resources that an experimenter can 'log in to', should use this struct to return that information. Other aggregates will not use this at all.
    698393
    699 '''This change was adopted at GEC13.'''
     394  - '''This change was adopted at GEC13.'''
    700395
    701396Aggregates shall use a new RSpec extension to include all login information in manifest RSpecs. This extension is version controlled in the GENI RSpec git repository.
     
    748443
    749444 - '''Adopted: Change Set I3''': Return sliver expiration from !CreateSlivers
    750 '''This change was adopted at GEC13.'''
     445  - '''This change was adopted at GEC13.'''
    751446
    752447Experimenters currently do not know the expiration of their slivers without explicitly asking.
     
    761456}}}
    762457
    763  - '''Change Set I4''': !CreateSlivers optionally does not start resources.
    764 Currently, !CreateSlivers auto starts resources, moving them from {{{allocated}}} through {{{changing}}} to {{{ready}}}.
    765  - Add a new option {{{geni_donotstart}}}:
    766   - If supplied and true (boolean: 0 or 1 in XML-RPC), final state is {{{allocated}}}, and experimenter must explicitly start resources using !ActOnSlivers.
    767   - If omitted or false ({{{0}}}) (default), AM automatically starts resources as before, and state will be {{{changing}}} and then {{{ready}}}.
    768 
    769 == Withdrawn: Change Set J ==
    770 '''This change set has been withdrawn.'''
    771458
    772459= Adopted: Change Set K: Standardize certificates and credentials =
     
    835522 - User URNs (which contain the authority name and the username) are required to be temporally and globally unique.
    836523
    837 = Change Set L: Change SFA credentials' privileges =
    838 '''This proposal has not been fully discussed and is likely to be postponed.'''
    839 
    840 Our goal is to simplify and standardize privilege strings used in SFA credentials. Currently there are wildcards, bind, embed, and others. They are confusing. We also want extensibility to use these credentials elsewhere in future.
    841 
    842 Credentials should support these kinds of operations:
    843  - Learn about the slice
    844  - Add/Modify/Delete resources in the slice
    845  - Read slice details like I&M?
    846  - Use the slice
    847  - Operator shutdown
    848 
    849 Proposal - Replace all existing privileges with only the following possible strings (case insensitive):
    850  - {{{CanWrite}}}
    851   - If present in a valid slice credential, aggregates may permit !CreateSlivers, !RenewSlivers, !DeleteSlivers, Shutdown, plus new methods !ActOnSlivers, !UpdateSlivers, !GetTicket, !RedeemTicket, !UpdateTicket, !ReleaseTicket
    852   - Thus it replaces {{{bind}}}, {{{embed}}}, {{{control}}}, {{{instantiate}}}, {{{sa}}}, {{{pi}}}, or {{{*}}} in various places
    853  - {{{CanRead}}}
    854   - If present in a valid slice credential, aggregates may permit !ListResources with a {{{slice_urn}}}, !SliversStatus
    855   - Thus it replaces {{{info}}} or {{{*}}} in various places
    856  - {{{CanReadDetails}}}
    857  - {{{CanUse}}}
    858 
    859 Note that those last 2 may never get used, but are there in case I&M or opt-in make those useful.
    860 
    861 Note also that operators who wish to shut down a slice would need a slice credential with the {{{CanWrite}}} privilege.
    862 
    863 Privilege and credential semantics are defined as follows:
    864  - Aggregates may only grant access using current SFA credentials to a method if at least one such valid credential:
    865   - grants the required privilege or privileges (if any)
    866   - to the caller of the API method
    867    - (identified by their SSL client certificate and the {{{owner_gid}}} in the credential)
    868   - over the slice (if any) on which they are operating
    869    - ({{{target_gid}}} in the credential).
    870  - Other privileges may be present in the same or other credentials, and other non-SFA credentials may be used to authorize actions (per [#ChangeSetG:Credentialsaregeneralauthorizationtokens. Change Set G]).
    871  - Local aggregate policy may grant or deny access to a particular method regardless of the presence of a valid credential granting the required privilege. This depends in part on federation policy governing aggregates.
    872  - Some operations (e.g. !GetVersion) may either simply require a valid credential with no particular privilege, or have no {{{credentials}}} argument at all.
    873 
    874 Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change suggests that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials.
    875524
    876525= Change Set M: New Method Signatures =
     
    881530There are a few other small changes that this change set covers.
    882531
    883 The details of the proposed final method signatures are listed [#Changesummary-methodsignatures below].
     532The details of the proposed final method signatures are listed [wiki:AaronHelsinger/GAPI_AM_API_DRAFT/MethodSignatures on the Draft method signatures summary page].
    884533
    885534== M1: users struct an option ==
     
    958607
    959608Update stitching schema per changes here: https://geni.maxgigapop.net/twiki/bin/view/GENI/NetworkStitchingGeniApiAndRspec
    960 
    961 ----
    962  = Change summary - method signatures =
    963 If the generally agreed-upon change sets listed here are adopted, the final method signatures will be as follows:
    964 
    965 == Common Arguments and Returns ==
    966 === structs and optional arguments ===
    967 Unless otherwise specified, all arguments and returns of type `struct` may include aggregate or resource-specific entries. As arguments, such options must be optional for the client to supply, with the aggregate providing a reasonable default.
    968 
    969 === datetime data type ===
    970 All datetime arguments and returns in this API shall conform to [http://tools.ietf.org/html/rfc3339 RFC 3339]. This represents a subset of the valid date/time strings permissible by the standard XML-RPC date/time data type, [http://xmlrpc.scripting.com/spec dateTime.iso8601].
    971 
    972 In the specification of this API, this is described as `dateTime.rfc3339`.
    973 
    974 === RSpec data type ===
    975 Throughout this API, multiple arguments and returns are labeled as an RSpec. These fields shall be understood as XML documents following one of the schemas advertised in the return from !GetVersion. All such RSpecs must pass an XML schema validator, must list all used schemas and namespaces within the document, using schemas that are publicly available. The !GetVersion return advertises schemas for advertisment and request RSpecs; the schemas for manifest RSpecs are assumed to be available at the same base URL, but using a corresponding manifest schema.
    976 
    977 A fully GENI AM API compliant aggregate will always support the GENI standard schemas for RSpecs, available at http://www.geni.net/resources/rspec. As of 4/2012, the current GENI RSpec version is '''3'''. Aggregates are free to use an alternate format internally, but must accept and produce compliant RSpecs on demand.
    978 
    979 The Aggregate Manager API requires this contract: Aggregates advertise the `type` and `version` of RSpec formats that they support. If available, they specify the `schema`, `namespace` and `extensions` combination which is the authoritative definition of that format. Clients of the API should understand that combination in order to know how to understand the resources available at that aggregate.
    980 
    981 If an aggregate advertises a particular `type`/`version` (optionally defined with a combination of `schema`, `namespace` and `extensions`) in the `geni_ad_rspec_versions` attribute of !GetVersion, then it promises to send a correct Advertisement RSpec in response to a !ListResources call which supplies a `geni_rspec_version` option containing that `type`/`version`. (`geni_rspec_version` is a struct with 2 members, `type` and `version`. `type` and `version` are case-insensitive strings, matching those in `geni_ad_rspec_versions`).
    982 
    983 If an Aggregate advertises a particular `type`/`version` (optionally defined with a combination of `schema`, `namespace` and `extensions`) in the `geni_request_rspec_versions` attribute of !GetVersion then it promises to correctly honor an Allocate (was !CreateSliver in API v2) call containing a request RSpec in the given format, and then to return a Manifest RSpec in the corresponding format (i.e. a GENI format request is answered with a GENI format manifest). The aggregate also promises to send a correctly formatted Manifest RSpec in response to a Describe call which supplies a valid slice or sliver URN and an `geni_rspec_version` option containing that supported `type`/`version`.
    984 
    985 In this API, such RSpec fields are labeled as type `geni.rspec`.
    986 
    987 === `credentials` ===
    988 Many methods take an array of credentials. This is an array of credential type, version, and string value.
    989 {{{
    990 credentials = [
    991    {
    992     geni_type: <string>,
    993     geni_version: <string>,
    994     geni_value: <string>,
    995     <others>
    996    }
    997 ]
    998 }}}
    999 
    1000 At least one credential must be a valid slice credential for the slice specified in `slice_urn` if that is an argument, or for the slice that contains the named slivers, if sliver urns are an argument, or a valid administrative credential with sufficient privileges. When sliver_urns are supplied, all such slivers must belong to the same slice, over which the given credential provides access. Credentials must be valid (signed by a valid GENI certificate authority either directly or by chain, not expired, and grant privileges to the client identified by the SSL client certificate). Each method requires specific privileges, which must be granted by the provided credentials. Note that the semantics of this argument is not clear: most implementations require a single credential to provide all needed privileges. Alternative interpretations might, for example, accumulate privileges from each valid credential to determine overall caller permissions. For details on GENI AM API format credentials, see [wiki:GeniApiCredentials the GENI wiki].
    1001 
    1002 === `geni_end_time` ===
    1003 The `geni_end_time` argument requests an expiration of the specified slivers. It is in dateTime.rfc3339 format (defined above).
    1004 When an explicit argument, it is required, and aggregates must honor the request to the extent local policy permits.
    1005 When an option in the `options` struct, clients may omit the option, and AMs may choose not to or be unable to honor this option, but may still succeed the overall request.
    1006 
    1007 === `geni_best_effort` ===
    1008  {{{geni_best_effort: <XML-RPC boolean 1 or 0, default false (0)>}}}
    1009 Clients may omit this option, but aggregates must honor the option if possible. This option modifies the way that the operation applies to all named slivers. By default (`geni_best_effort`=false), the operation must apply equally to all slivers, either succeeding or failing for all. When true, the aggregate may succeed the operation for some slivers, while failing the operation for other slivers.
    1010 
    1011 === `geni_users` ===
    1012 `struct geni_users[]` is an option for some methods.
    1013 
    1014 Clients may omit this option. Aggregates should honor this option for any resource that accepts the provided login keys, and ignore it for other resources. This option is an array of user structs, which contain information about the users that might login to the sliver that the AM needs to know about. For example, this option is the mechanism by which users supply their SSH public keys, permitting SSH login to allocated nodes. In such cases, the corresponding manifest RSpec will contain the `ssh-users` element on each such node, showing the login username and applicable public keys. When this option is supplied, each struct must include the key 'keys', which is an array of strings and can be empty. The struct must also include the key 'urn', which is the user’s URN string. For example:
    1015 {{{
    1016 [
    1017   {
    1018     urn: urn:publicid:IDN+geni.net:gcf+user+alice
    1019     keys: [<ssh key>, <ssh key>]
    1020   },
    1021   {
    1022     urn: urn:publicid:IDN+geni.net:gcf+user+bob
    1023     keys: [<ssh key>]
    1024   }
    1025 ]
    1026 }}}
    1027 
    1028 === `options` ===
    1029 An XML-RPC struct. For !GetVersion only, this argument is optional. In all other methods, it is required. Only !ListResources has required entries in the options struct. Aggregates are compliant with this API change by accepting this argument. Aggregates may accept entries to this struct. Aggregates should not require any new options to any method - they should always have a reasonable default for any such option. Aggregates should document new `options` arguments. The prefix `geni_` is reserved for members that are part of this API specification. Implementations should choose an appropriate prefix to avoid conflicts.
    1030 
    1031 === `urns[]` ===
    1032 Several methods take some URNs to identify what to operate on. These methods are defined as accepting a list of arbitrary strings we call URNs.
    1033 This API defines two kinds of URNs that may be supplied here, slice URNs and sliver URNs (see [wiki:GeniApiIdentifiers the GENI identifiers page], and [#Adopted:ChangeSetK:Standardizecertificatesandcredentials Change Set K]). Some aggregates may understand other URNs, but these are not defined or required here. Aggregates that accept only URNs defined by this API will return an error when given URNs not in one of those forms.
    1034 This API requires that aggregates accept either a single slice URN, or 1+ sliver URNs that all belong to the same slice. Aggregates are not required to accept both a slice URN and sliver URNs, 2+ slice URNs, or a set of sliver URNs that crosses multiple slices. Some aggregates may choose to accept other such combinations of URNs. Aggregates that accept only arguments defined by this API will return an error when given more than 1 slice URN, a combination of both slice and sliver URNs, or a set of sliver URNs that belong to more than 1 slice.
    1035 
    1036  == !GetVersion ==
    1037 Query static configuration information about this aggregate manager implementation, such as API and RSpec versions supported.
    1038 {{{
    1039 struct GetVersion([optional: struct options])
    1040 }}}
    1041 
    1042 The `options` argument may be omitted entirely by clients.
    1043 
    1044 Return struct:
    1045 {{{
    1046 
    1047       {
    1048         int geni_api;
    1049         struct geni_api_versions {
    1050              URL <this API version #>; # value is a URL, name is a number
    1051              [optional: other supported API versions and the URLs where they run]
    1052         }
    1053         array geni_request_rspec_versions of {
    1054              string type;
    1055              string version;
    1056              string schema;
    1057              string namespace;
    1058              array extensions of string;
    1059         };
    1060         array geni_ad_rspec_versions of {
    1061              string type;
    1062              string version;
    1063              string schema;
    1064              string namespace;
    1065              array extensions of string;
    1066         };
    1067         array geni_credential_types of {
    1068              string geni_type <case insensitive>;
    1069              string geni_version <containing an integer>;
    1070        };
    1071     }
    1072 }}}
    1073 
    1074  == !ListResources ==
    1075 Retrieve RSpecs listing resources at this aggregate, an Advertisement RSpec of available resources.
    1076 
    1077 {{{
    1078 struct ListResources(struct credentials[], struct options)
    1079 }}}
    1080 
    1081 Where options include:
    1082 {{{
    1083 {
    1084   boolean geni_available <optional>;
    1085   boolean geni_compressed <optional>;
    1086   struct geni_rspec_version {
    1087     string type;
    1088     string version;
    1089   };
    1090 }
    1091 }}}
    1092 
    1093 Note that all options may be omitted by the client, exception `geni_rspec_version` which is required. The aggregate must honor all supplied options.
    1094 
    1095 `credentials` is the standard argument defined above.
    1096 
    1097 Return:
    1098 A `geni.rspec` advertisment RSpec.
    1099 
    1100  == Describe ==
    1101 AKA !ListResources when supplied a slice URN.
    1102 
    1103 Retrieve a manifest describing the resources contained by the entities named, e.g. a single slice or a set of the slivers in a slice.
    1104 {{{
    1105 struct Describe(string urns[], struct credentials[], struct options[])
    1106 }}}
    1107 
    1108 Where options include:
    1109 {{{
    1110 {
    1111   boolean geni_compressed <optional>;
    1112   struct geni_rspec_version {
    1113     string type;
    1114     string version;
    1115   };
    1116 }
    1117 }}}
    1118 
    1119 Note that all options may be omitted by the client, exception `geni_rspec_version` which is required. The aggregate must honor all supplied options.
    1120 
    1121 `credentials` is the standard argument defined elsewhere.
    1122 
    1123 Note that the manifest RSpec for allocated slivers may contain less detail than for provisioned slivers.
    1124 
    1125 Return struct:
    1126 {{{
    1127 {
    1128    geni_rspec: <geni.rspec, Manifest - may be empty though)>
    1129    geni_urn: <string slice urn, as requested>
    1130    geni_slivers: [
    1131                {
    1132                   geni_sliver_urn: <string sliver urn>
    1133                   geni_expires: <dateTime.rfc3339 allocation expiration string, as in geni_expires from SliversStatus>,
    1134                   geni_allocation_status: <string sliver state - allocated or ?? >,
    1135                   geni_operational_status: <string sliver operational state>
    1136                },
    1137                ...
    1138          ]
    1139 }
    1140 }}}
    1141 
    1142 Aggregates are expected to combine the manifests of all requested slivers into a single manifest RSpec.
    1143 
    1144 FIXME: Allow multiple manifests? Options to specify only allocated or only provisioned slivers?
    1145  == Allocate ==
    1146 AKA !CreateSlivers()
    1147 Request resources described by the given request RSpec to be allocated to the given slice. On success, one or more slivers are allocated, containing resources satisfying the request, and assigned to the given slice. The manifest RSpec describing those resources is returned.
    1148 {{{
    1149 struct Allocate(string slice_urn,
    1150                     struct credentials[],
    1151                     geni.rspec rspec,
    1152                     struct options)
    1153 }}}
    1154 
    1155 `credentials` is the standard argument defined above.
    1156 
    1157 Options include:
    1158 {{{
    1159 {
    1160   [optional geni_end_time: <dateTime.rfc3339>]
    1161 }
    1162 }}}
    1163 
    1164 Return struct:
    1165 {{{
    1166 {
    1167  geni_rspec: <geni.rspec manifest>,
    1168  geni_slivers: [
    1169         {
    1170                   geni_sliver_urn: <string sliver urn>
    1171                   geni_expires: <dateTime.rfc3339 allocation expiration string, as in geni_expires from SliversStatus>,
    1172                   geni_allocation_status: <string sliver state - allocated or ?? >
    1173         },
    1174         ...
    1175     ]
    1176 }
    1177 }}}
    1178 
    1179 The manifest is a manifest of only newly allocated slivers.
    1180 
    1181  == Renew ==
    1182 AKA !RenewSliver() or !RenewAllocated
    1183 Request that the named slivers be renewed, with their expiration extended. If possible, the aggregate should extend the slivers to the requested expiration time, or to a sooner time if policy limits apply. This method applies to slivers that are `geni_allocated` or to slivers that are `geni_provisioned`, though different policies may apply to slivers in the different states, resulting in much shorter max expiration times for `geni_allocated` slivers.
    1184 
    1185 {{{
    1186 struct Renew(string urns[],
    1187                     struct credentials[],
    1188                     dateTime.rfc3339 expiration_time,
    1189                     struct options)
    1190 }}}
    1191 
    1192 `credentials` is the standard argument defined above.
    1193 
    1194 Options include {{{geni_best_effort}}}
    1195 
    1196 Return list of structs:
    1197 {{{
    1198 [
    1199   {
    1200    geni_sliver_urn: <string>,
    1201    geni_allocation_status: <string>,
    1202    geni_operational_status: <string>,
    1203    geni_expires: <dateTime.rfc3339 when the sliver expires from its current state>,
    1204   },
    1205   ...
    1206 ]
    1207 }}}
    1208 
    1209  == !UpdateAllocations ==
    1210 AKA !UpdateAllocated()
    1211 This method modifies a set of allocated slivers in place. The existing reservations are not lost if the newly requested allocations cannot be satisfied by the aggregate.
    1212 
    1213 Details are suppressed pending agreement on this method.
    1214 {{{
    1215 #!comment
    1216 
    1217 {{{
    1218 struct UpdateAllocations(string urns[], struct credentials[], geni.rspec rspec,
    1219                                 struct options)
    1220 }}}
    1221 
    1222 `credentials` is the standard argument defined above.
    1223 
    1224 Options include:
    1225  - {{{geni_end_time}}}:
    1226  - {{{geni_best_effort}}}
    1227 
    1228 Return struct:
    1229 {{{
    1230 {
    1231  geni_rspec: <geni.rspec manifest>,
    1232  geni_slivers: [
    1233         {
    1234                   geni_sliver_urn: <string sliver urn>
    1235                   geni_expires: <dateTime.rfc3339 allocation expiration string, as in geni_expires from SliversStatus>,
    1236                   geni_allocation_status: <string sliver state - allocated or ?? >
    1237         },
    1238         ...
    1239     ]
    1240 }
    1241 }}}
    1242 
    1243 The manifest is a manifest of only referenced allocated slivers.
    1244 
    1245 FIXME: Is this the same method as for updating provisioned slivers?
    1246 }}}
    1247 
    1248  == Provision ==
    1249 AKA !ProvisionSlivers()
    1250 Request that the named `geni_allocated` slivers be made `geni_provisioned`, instantiating or otherwise realizing the resources, such that they have a valid `geni_operational_status` and may possibly be made `geni_ready` for experimenter use.
    1251 
    1252 {{{
    1253 struct Provision(string urns[], struct credentials[], 
    1254                                    struct options)
    1255 }}}
    1256 
    1257 `credentials` is the standard argument defined above.
    1258 
    1259 Options include:
    1260  - {{{geni_best_effort}}}
    1261  - {{{geni_end_time}}}
    1262  - `struct geni_users[]`
    1263 
    1264 Return struct:
    1265 {{{
    1266   geni_rspec: <geni.rspec, RSpec manifest>,
    1267   geni_slivers:
    1268   [
    1269     {
    1270      geni_sliver_urn: <string>,
    1271      geni_allocation_status: <string>,
    1272      geni_operational_status: <string>,
    1273      geni_expires <dateTime.rfc3339 when the sliver expires from its current state>,
    1274     },
    1275     ...
    1276   ],
    1277 }}}
    1278 
    1279 FIXME: Is the returned manifest only for newly provisioned slivers? Or all slivers at this AM for this slice?
    1280 
    1281  == !UpdateSlivers ==
    1282 AKA Update()
    1283 This method requests a modification to 1 or more provisioned slivers. The slivers end up in a new `geni_allocated+geni_provisioned` state.
    1284 
    1285 Details are suppressed pending agreement on this method.
    1286 {{{
    1287 #!comment
    1288 
    1289 {{{
    1290 struct UpdateSlivers(string urns[], struct credentials[], geni.rspec rspec,
    1291                                                  struct options)
    1292 }}}
    1293 
    1294 `credentials` is the standard argument defined above.
    1295 
    1296 Options include:
    1297  - {{{geni_end_time}}}
    1298  - {{{geni_best_effort}}}
    1299  - `struct geni_users[]`
    1300 
    1301 Return struct:
    1302 {{{
    1303 {
    1304  rspec: <geni.rspec manifest>,
    1305  geni_slivers: [
    1306         {
    1307                   geni_sliver_urn: <string sliver urn>
    1308                   geni_expires: <dateTime.rfc3339 allocation expiration string, as in geni_expires from SliversStatus>,
    1309                   geni_allocation_status: <string sliver state - allocated or ?? >
    1310         },
    1311         ...
    1312     ]
    1313 }
    1314 }}}
    1315 
    1316 The RSpec argument may be a new delta format.
    1317 The manifest is a manifest of only referenced provisioned slivers.
    1318 
    1319 FIXME: Is this the same method as for updating allocated slivers?
    1320 FIXME: Return both a manifest and a delta RSpec?
    1321 }}}
    1322 
    1323  == Status ==
    1324 AKA !SliverStatus
    1325 Retrieve status information about the named slivers. This should be relatively dynamic data, not descriptive data as returned in the manifest RSpec.
    1326 
    1327 
    1328 {{{
    1329 struct Status(string urns[], struct credentials[], struct options)
    1330 }}}
    1331 
    1332 `credentials` is the standard argument defined above.
    1333 
    1334 Return:
    1335 {{{
    1336 {
    1337   geni_urn: <slice URN>
    1338   geni_slivers: [
    1339                     { geni_sliver_urn: <sliver URN>
    1340                       geni_allocation_status: <string, eg provisioned>
    1341                       geni_operational_status: <string, eg ready>
    1342                       geni_expires: <dateTime.rfc3339 of individual sliver expiration>
    1343                       geni_error: <string, eg ''>,
    1344                      },
    1345                     { geni_sliver_urn: <sliver URN>
    1346                       geni_allocation_status: <string, eg provisioned>
    1347                       geni_operational_status: <string, eg ready>
    1348                       geni_expires: <dateTime.rfc3339 of individual sliver expiration>
    1349                       geni_error: <string, eg ''>,
    1350                       }
    1351                   ]
    1352 }
    1353 }}}
    1354 
    1355  == !PerformOperationalAction ==
    1356 Perform the named operational action on the named slivers, possibly changing the `geni_operational_status` of the named slivers.
    1357 
    1358 {{{
    1359 struct PerformOperationalAction (string urns[], struct credentials[], string action,
    1360                                                     struct options={})
    1361 }}}
    1362 
    1363 `credentials` is the standard argument defined above.
    1364 
    1365 Options include: {{{geni_best_effort}}}
    1366 
    1367 Return list of structs:
    1368 {{{
    1369 [ {
    1370         geni_sliver_urn : <string>,
    1371         geni_allocation_status: <string, eg provisioned>
    1372         geni_operational_status : <string>,
    1373         geni_expires: <dateTime.rfc3339 of individual sliver expiration>
    1374         },
    1375         ...
    1376 ]
    1377 ;
    1378 }}}
    1379 
    1380  == Delete ==
    1381 AKA !DeleteSliver
    1382 Delete the named slivers, making them `geni_unallocated`. Resources are de-provisioned. No further AM API operations may be performed on slivers that have been deleted.
    1383 
    1384 {{{
    1385 struct Delete(string urns, struct credentials[], struct options)
    1386 }}}
    1387 
    1388 `credentials` is the standard argument defined above.
    1389 
    1390 Options include: {{{geni_best_effort}}}
    1391 
    1392 Return list of structs:
    1393 {{{
    1394 [
    1395   {
    1396    geni_sliver_urn: <string>,
    1397    geni_allocation_status: <string>,
    1398    geni_expires: <dateTime.rfc3339 when the sliver expires from its current state>,
    1399   },
    1400   ...
    1401 ]
    1402 }}}
    1403 
    1404  == Shutdown ==
    1405 Perform an emergency shutdown on the slice at this aggregate. Resources should be taken offline, such that experimenter access (on both the control and data plane) is cut off. No further actions on the slice should be possible at this aggregate, until an un-specified operator action restores the slice.
    1406 {{{
    1407 struct Shutdown(string slice_urn, struct credentials[], struct options)
    1408 }}}
    1409 
    1410 `credentials` is the standard argument defined above.
    1411 
    1412 Return: XML-RPC boolean