535 | | Augment existing slice credentials to add a new possible privilege value `longlived` that means that the issuing Slice Authority (SA) believes that the given slice should be allowed to have an extra long reservation. The proposal does not specify how the SA decides to include this privilege. Requesting a credential for such a slice results in a slice credential that adds this privilege. |
536 | | |
537 | | Aggregates must accept slice credentials that include the new privilege and understand that a privilege value of `*` does not include this privilege. When an aggregate receives a slice credential that includes this privilege, the aggregate should allow resources in this slice to be renewed beyond the usual maximum resource reservation lifetime at that aggregate. However, the maximum expiration time for the resources remains subject to local aggregate policy. Also note that resource expiration must still be limited by the expiration of the supplied slice credential. |
538 | | |
539 | | Using an extension to the slice credential schema, the SA may specify the number of maximum number of days that the resource should be renewed for. That is, on initial allocate/create sliver the resource should expire after that number of days, and on renew the resource should be renewed until the minimum of the requested date, the slice expiration, and the current date plus the # of days in the slice credential. The extension: http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd |
540 | | |
541 | | Note that AMs may issue special credentials using the same schema to slices or users and honor these, at their own discretion. |
542 | | |
543 | | This change requires aggregates to accept and handle these new credentials. |
| 537 | Use the `extensions` field of the existing slice credential schema, to add an extension specifying the number of days that reservations in this slice should be good for. The presence of this extension in the credential indicates that the issuer believes that when receiving this credential in a `createsliver` or `renew` or `provision` request, the aggregate should reserve the requested resources for the given number of days (up to the slice expiration as usual), independent of typical local AM policy or resource specific policy. Aggregate local policy will determine what the aggregate actually allows, but policy for a specific GENI federation may require aggregates to follow this extension when found in a slice credential issued by the federation slice authority. |
| 538 | The proposal does not specify how the issuer decides to include this privilege extension. Requesting a credential for such a slice results in a slice credential that adds this privilege. |
| 539 | |
| 540 | Credentials containing this extension will typically be issued by the slice authority as the single slice credential, retrieved by clients requesting a slice credential. Aggregates are free to issue their own similar credentials, that only they are likely to honor. |
| 541 | |
| 542 | At an aggregate honoring this extension, on initial `provision`/`createsliver` the resource should expire after the minimum of the slice expiration and now+the number of days specified in the credential. On `renew` the resource should be renewed until the minimum of the requested date, the slice expiration, and the current date plus the # of days in the slice credential. |
| 543 | |
| 544 | The extension for specifying this: http://www.protogeni.net/resources/credential/ext/policy/1/policy.xsd |
| 545 | |
| 546 | This change requires aggregates to accept and handle these new credentials when issued by a trusted authority. |
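Review bot: New lines 537 and 542 bound the reservation by the slice expiration only, while the removed text (old line 537) also required that resource expiration "must still be limited by the expiration of the supplied slice credential". The removed text treated that as a separate bound, so add the credential's own expiration to the minimum for both `provision`/`createsliver` and `renew`, or state that dropping it is intended. New line 538 still says "privilege extension" and "adds this privilege", wording left over from the `longlived` privilege that this revision replaces with an extension; reword it to refer to the extension. New line 537 says the reservation is "independent of typical local AM policy" and then that "Aggregate local policy will determine what the aggregate actually allows"; say which one governs when they conflict. New line 546 limits acceptance to credentials "issued by a trusted authority" while new line 540 lets aggregates issue their own, so say which issuers an aggregate should treat as trusted for this extension.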