Changes between Version 37 and Version 38 of GAPI_AM_API_DRAFT


Ignore:
Timestamp:
03/06/12 10:20:07 (7 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GAPI_AM_API_DRAFT

    v37 v38  
    664664
    665665= Change Set L: Change SFA credentials' privileges =
    666 Our goal is to simplify and standardize privilege strings. Currently there are wildcards, bind, embed, and others. They are confusing. We also want extensibility to use these credentials elsewhere in future.
     666Our goal is to simplify and standardize privilege strings used in SFA credentials. Currently there are wildcards, bind, embed, and others. They are confusing. We also want extensibility to use these credentials elsewhere in future.
    667667
    668668Credentials should support these kinds of operations:
     
    688688
    689689Privilege and credential semantics are defined as follows:
    690  - Aggregates may only grant access to a method if at least one valid credential
    691   - grants the required privilege (if any)
     690 - Aggregates may only grant access using current SFA credentials to a method if at least one such valid credential:
     691  - grants the required privilege or privileges (if any)
    692692  - to the caller of the API method
    693693   - (identified by their SSL client certificate and the {{{owner_gid}}} in the credential)
    694694  - over the slice (if any) on which they are operating
    695695   - ({{{target_gid}}} in the credential).
    696  - Other privileges may be present in the same or other credentials.
     696 - Other privileges may be present in the same or other credentials, and other non-SFA credentials may be used to authorize actions (per [#ChangeSetG:Credentialsaregeneralauthorizationtokens. Change Set G].
    697697 - Local aggregate policy may deny access to a particular method even in the presence of a valid credential granting the required privilege.
    698698 - Some operations (e.g. !GetVersion) may either simply require a valid credential with no particular privilege, or have no {{{credentials}}} argument at all.
    699699
    700 Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change explicitly requires that aggregates require a valid slice credential with {{{CanRead}}} privileges to perform this operation.
     700Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change explicitly requires that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials.
    701701
    702702-----