Changes between Version 49 and Version 50 of GAPI_AM_API_V3/CommonConcepts


Ignore:
Timestamp:
01/15/14 13:39:39 (10 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GAPI_AM_API_V3/CommonConcepts

    v49 v50  
    5050 - AMs are required to continue to accept current-format credentials as specified in GeniApiCredentials.
    5151  - In particular, a single standard slice credential remains sufficient for most authorization policies.
    52  - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates as defined [TIEDABACCredential here], for example.
     52 - Other credential formats acceptable by some aggregates might include [http://abac.deterlab.net/ ABAC] x509 Attribute certificates as defined [wiki:TIEDABACCredential here], for example.
    5353 - AMs may get other authorization material from other sources: EG a future Credential Store service.
    5454
     
    6969'''Note''': AM API v3 adds requirements on URNs and certificates, as well as credentials. A credential is only `geni_sfa` version `3` if all contained certificates and URNs are AM API v3 compliant. Experimenters with existing certificates that are not AM API v3 compliant will only get `geni_sfa` version `2` credentials, unless they first get a new user certificate. As a result, most aggregates should accept both `geni_sfa` version `3` and version `2` credentials.
    7070
    71 [http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. These are fully specified [TIEDABACCredential here] (we use version 1.1 from that page).
     71[http://abac.deterlab.net/ ABAC] credentials as of AM API version 3 will be type=`geni_abac`, version=`1`. These are fully specified [wiki:TIEDABACCredential here] (we use version 1.1 from that page).
    7272
    7373For example, an aggregate that accepts ABAC credentials, SFA slice credentials that were issued prior to AM API v3, and SFA slice credentials from AM API version 3, would include this in `GetVersion`: