| 428 | == Change Set AD: Do not require a user credential in !ListResources == |
| 429 | Currently, a user credential is requires to call !ListResources to get the advertisement RSpec from an aggregate. Tools have a tool certificate, but cannot get a user credential. The result is that tools cannot retrieve current resource availability without a user who allows the tool to speak for them. Since Ads change infrequently, this is inefficient. Tools would like to be able to cache Ads. |
| 430 | |
| 431 | This proposed change would make the user credential OPTIONAL that is currently required to call !ListResources (not in a slice context). |
| 432 | |
| 433 | Note: |
| 434 | - A valid / trusted client certificate is still required. This could be the certificate of the tool. So the caller is authenticated, but not separately authorized. |
| 435 | - Aggregates are free to return a different Advertisement to callers who do not supply a valid user credential. |
| 436 | |
| 437 | This proposal was discussed at the [wiki:GEC22Agenda/DeveloperRoundtable GEC22 Developer Roundtable]. |
| 438 | |
| 439 | '''Proposal''': |
| 440 | Modify `ListResources` (for both API version 2 when not in a slice context and version 3+ implementations): |
| 441 | - Make explicit in APIv2 that `ListResources` requires no credentials when no slice URN is supplied, but a user credential may optionally be supplied. |
| 442 | - For APIv3, change the `ListResources` details that now says `this list must include a valid user credential` to instead use `may`, as in: `this list may include a valid user credential`. |