535 | | Aggregates must accept slice credentials that include the new privilege and understand that a privilege value of `*` does not include this privilege. When an aggregate receives a slice credential that includes this privilege, the aggregate should allow resources in this slice to be renewed beyond the usual maximum resource reservation lifetime at that aggregate. However, the maximum expiration time for the resources remains subject to local aggregate policy. Some aggregate may allow arbitrary expirations for some resources when given a long lived slice credential. Some aggregates may double the maximum duration of the reservation. And other aggregates for scarce resources may only allow a slight increase over the usual duration. |
536 | | |
537 | | '''Question''': Does the privilege say anything about how long the slice' reservations should be good for? I think not. |
538 | | |
539 | | '''Alternative''': Add a new credential, in addition to the existing slice credential, which looks just like a normal slice credential, but adds this additional privilege. This requires tools to retrieve and pass around multiple credentials. |
| 535 | Aggregates must accept slice credentials that include the new privilege and understand that a privilege value of `*` does not include this privilege. When an aggregate receives a slice credential that includes this privilege, the aggregate should allow resources in this slice to be renewed beyond the usual maximum resource reservation lifetime at that aggregate. However, the maximum expiration time for the resources remains subject to local aggregate policy. Also note that resource expiration must still be limited by the expiration of the supplied slice credential. |
| 536 | |
| 537 | Using an extension to the slice credential schema, the SA may specify the number of maximum number of days that the resource should be renewed for. That is, on initial allocate/create sliver the resource should expire after that number of days, and on renew the resource should be renewed until the minimum of the requested date, the slice expiration, and the current date plus the # of days in the slice credential. The extension: http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd |
| 538 | |
| 539 | Note that AMs may issue special credentials using the same schema to slices or users and honor these, at their own discretion. |