Changes between Version 41 and Version 42 of GAPI_AM_API_DRAFT


Ignore:
Timestamp:
03/09/12 13:47:34 (13 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GAPI_AM_API_DRAFT

    v41 v42  
    695695   - ({{{target_gid}}} in the credential).
    696696 - Other privileges may be present in the same or other credentials, and other non-SFA credentials may be used to authorize actions (per [#ChangeSetG:Credentialsaregeneralauthorizationtokens. Change Set G]).
    697  - Local aggregate policy may deny access to a particular method even in the presence of a valid credential granting the required privilege.
     697 - Local aggregate policy may grant or deny access to a particular method regardless of the presence of a valid credential granting the required privilege. This depends in part on federation policy governing aggregates.
    698698 - Some operations (e.g. !GetVersion) may either simply require a valid credential with no particular privilege, or have no {{{credentials}}} argument at all.
    699699
    700 Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change explicitly requires that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials.
     700Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change suggests that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials.
    701701
    702702-----