Changes between Version 49 and Version 50 of GAPI_AM_API_V3/CommonConcepts
- Timestamp:
- 01/15/14 13:39:39 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GAPI_AM_API_V3/CommonConcepts
v49 v50 50 50 - AMs are required to continue to accept current-format credentials as specified in GeniApiCredentials. 51 51 - In particular, a single standard slice credential remains sufficient for most authorization policies. 52 - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates as defined [ TIEDABACCredential here], for example.52 - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates as defined [wiki:TIEDABACCredential here], for example. 53 53 - AMs may get other authorization material from other sources: EG a future Credential Store service. 54 54 … … 69 69 '''Note''': AM API v3 adds requirements on URNs and certificates, as well as credentials. A credential is only `geni_sfa` version `3` if all contained certificates and URNs are AM API v3 compliant. Experimenters with existing certificates that are not AM API v3 compliant will only get `geni_sfa` version `2` credentials, unless they first get a new user certificate. As a result, most aggregates should accept both `geni_sfa` version `3` and version `2` credentials. 70 70 71 [http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. These are fully specified [ TIEDABACCredential here] (we use version 1.1 from that page).71 [http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. These are fully specified [wiki:TIEDABACCredential here] (we use version 1.1 from that page). 72 72 73 73 For example, an aggregate that accepts ABAC credentials, SFA slice credentials that were issued prior to AM API v3, and SFA slice credentials from AM API version 3, would include this in `GetVersion`: