Changes between Version 41 and Version 42 of GAPI_AM_API_DRAFT
- Timestamp:
- 03/09/12 13:47:34 (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GAPI_AM_API_DRAFT
v41 v42 695 695 - ({{{target_gid}}} in the credential). 696 696 - Other privileges may be present in the same or other credentials, and other non-SFA credentials may be used to authorize actions (per [#ChangeSetG:Credentialsaregeneralauthorizationtokens. Change Set G]). 697 - Local aggregate policy may deny access to a particular method even in the presence of a valid credential granting the required privilege.697 - Local aggregate policy may grant or deny access to a particular method regardless of the presence of a valid credential granting the required privilege. This depends in part on federation policy governing aggregates. 698 698 - Some operations (e.g. !GetVersion) may either simply require a valid credential with no particular privilege, or have no {{{credentials}}} argument at all. 699 699 700 Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change explicitly requires that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials.700 Note also that some current AMs do not require any particular privileges to do !ListResources, even with a {{{slice_urn}}}. This change suggests that aggregates require a valid slice credential with {{{CanRead}}} privileges to authorize this operation using current slice credentials. 701 701 702 702 -----