Changes between Version 98 and Version 99 of GAPI_AM_API_DRAFT


Ignore:
Timestamp:
01/15/14 13:05:04 (10 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GAPI_AM_API_DRAFT

    v98 v99  
    384384Two other additions are required: we must define the 'Speaks For' credential and its semantics, and we must define the URN and certificates for tools.
    385385
    386 The 'Speaks For' credential will be specified elsewhere. Several points are worth noting
    387  - The credential includes the certificates of the tool instance and the user. For the credential to be accepted, each certificate must itself be trusted by the aggregate; current recommended GENI policy requires [GeniApiCertificates a particular format] for that certificate, and requires that it be signed (directly or indirectly) by a trusted GENI root.
     386The 'Speaks For' credential will be a signed XML document encoding of an ABAC credential (GENI type `geni_abac` version `1`) as specified [TIEDABACCredential here]. Several points are worth noting
     387 - The credential includes the certificate of the user and an identifier for the tool. For the credential to be accepted, each certificate must itself be trusted by the aggregate; current recommended GENI policy requires [GeniApiCertificates a particular format] for that certificate, and requires that it be signed (directly or indirectly) by a trusted GENI root.
    388388 - The credential includes an expiration
    389389 - The credential may include scope limitations (including slice, aggregate, operation)
     
    399399  - Tool names are limited to 64 characters.
    400400  - Tool URNs (which contain the authority name and the tool instance name) are required to be temporally and globally unique.
     401  - Tool names should encode both the tool type and instance. For example `portal-gpo` or `genidesktop-uky`.
    401402 - The tool email address should be a way to contact the administrators of the tool instance - the organization or individual who applied for the certificate and who stands behind its integrity.
    402403