Changes between Version 48 and Version 49 of GAPI_AM_API_V3/CommonConcepts
- Timestamp:
- 01/15/14 13:06:50 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GAPI_AM_API_V3/CommonConcepts
v48 v49 50 50 - AMs are required to continue to accept current-format credentials as specified in GeniApiCredentials. 51 51 - In particular, a single standard slice credential remains sufficient for most authorization policies. 52 - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates , eg.52 - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates as defined [TIEDABACCredential here], for example. 53 53 - AMs may get other authorization material from other sources: EG a future Credential Store service. 54 54 … … 69 69 '''Note''': AM API v3 adds requirements on URNs and certificates, as well as credentials. A credential is only `geni_sfa` version `3` if all contained certificates and URNs are AM API v3 compliant. Experimenters with existing certificates that are not AM API v3 compliant will only get `geni_sfa` version `2` credentials, unless they first get a new user certificate. As a result, most aggregates should accept both `geni_sfa` version `3` and version `2` credentials. 70 70 71 [http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. 71 [http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. These are fully specified [TIEDABACCredential here] (we use version 1.1 from that page). 72 72 73 73 For example, an aggregate that accepts ABAC credentials, SFA slice credentials that were issued prior to AM API v3, and SFA slice credentials from AM API version 3, would include this in `GetVersion`: