Changes between Version 98 and Version 99 of GAPI_AM_API_DRAFT
- Timestamp: 01/15/14 13:05:04
GAPI_AM_API_DRAFT
v98 v99 384 384 Two other additions are required: we must define the 'Speaks For' credential and its semantics, and we must define the URN and certificates for tools. 385 385 386 The 'Speaks For' credential will be specified elsewhere. Several points are worth noting387 - The credential includes the certificate s of the tool instance and the user. For the credential to be accepted, each certificate must itself be trusted by the aggregate; current recommended GENI policy requires [GeniApiCertificates a particular format] for that certificate, and requires that it be signed (directly or indirectly) by a trusted GENI root.386 The 'Speaks For' credential will be a signed XML document encoding of an ABAC credential (GENI type `geni_abac` version `1`) as specified [TIEDABACCredential here]. Several points are worth noting 387 - The credential includes the certificate of the user and an identifier for the tool. For the credential to be accepted, each certificate must itself be trusted by the aggregate; current recommended GENI policy requires [GeniApiCertificates a particular format] for that certificate, and requires that it be signed (directly or indirectly) by a trusted GENI root. 388 388 - The credential includes an expiration 389 389 - The credential may include scope limitations (including slice, aggregate, operation) … … 399 399 - Tool names are limited to 64 characters. 400 400 - Tool URNs (which contain the authority name and the tool instance name) are required to be temporally and globally unique. 401 - Tool names should encode both the tool type and instance. For example `portal-gpo` or `genidesktop-uky`. 401 402 - The tool email address should be a way to contact the administrators of the tool instance - the organization or individual who applied for the certificate and who stands behind its integrity. 402 403
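Review bot: In the v99 text at line 387 the credential now carries only the user's certificate plus "an identifier for the tool", but the following sentence still says "each certificate must itself be trusted by the aggregate", which reads as if two certificates were still embedded. Suggest naming the user certificate explicitly there and adding a sentence on what form the tool identifier takes and how the aggregate checks it against the tool making the call, because the trust requirement that v98 applied to the embedded tool certificate is no longer stated for the tool. The rewritten line 386 also ends "Several points are worth noting" with no colon before the list.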
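Review bot: The bullet added at v99 line 401 says tool names "should encode both the tool type and instance" and gives `portal-gpo` and `genidesktop-uky`, but it does not define the separator, the order of the two parts, or whether a tool type may itself contain a hyphen, so the convention cannot be checked or parsed reliably. Suggest stating the format explicitly (for example `<type>-<instance>`), noting that the result must still fit the 64-character limit on line 399 and the uniqueness requirement on line 400, and saying whether this is a naming recommendation only or something consumers of the tool URN may rely on.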