Changes between Version 1 and Version 2 of GeniApiCertificates


Timestamp: 08/17/10 14:39:15 (11 years ago)
Author: faber@isi.edu
Comment: tied some links back up

  • GeniApiCertificates

    v1 v2  
    55Certificates are used to Authenticate actors in the GENI API.
    66
    7 The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] to bind public keys to identifiers ([wiki:GAPI_Identifiers URNs]).  Only the holder of the private key that signed the certificate can act as the the user named by the URN.
     7The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]).  Only the holder of the private key that signed the certificate can act as the the user named by the URN.
    88
    99In the GENI API, these certificates are used for both server side authentication and client side authentication in SSL connections (actually https).
    1010
    11 Once the SSL library has established the secure authenticated communications channel using these certificates, the GENI API uses the certificates as part of [wiki:GAPI_Credentials] to authorize the client to execute actions on the server.
     11Once the SSL library has established the secure authenticated communications channel using these certificates, the GENI API uses the certificates as part of [wiki:GeniApiCredentials] to authorize the client to execute actions on the server.
    1212
    1313=== Format ===
    14 A GENI certificate is an [http://en.wikipedia.org/wiki/X.509 X509v3 certificate] that specifies a GENI identifier ([wiki:GAPI_Identifiers URN]) in the X509v3 subjectAltName extension.  It is stored in PEM format which is described in the [http://en.wikipedia.org/wiki/X.509 X.509 wikipedia page]. The GENI identifier (URN) is placed in [http://en.wikipedia.org/wiki/Uniform_Resource_Identifier URI format] and begins with: 'URI:urn:publicid:IDN+'.  The certificate's Common Name (CN) values for the Issuer and Subject are not specified by the GENI specifications and can be any valid common name.  The following is an example GENI certificate that uses a dotted notation for the common names:
     14A GENI certificate is an [http://en.wikipedia.org/wiki/X.509 X509v3 certificate] that specifies a GENI identifier ([wiki:GeniApiIdentifiers URN]) in the X509v3 subjectAltName extension.  It is stored in PEM format which is described in the [http://en.wikipedia.org/wiki/X.509 X.509 wikipedia page]. The GENI identifier (URN) is placed in [http://en.wikipedia.org/wiki/Uniform_Resource_Identifier URI format] and begins with: 'URI:urn:publicid:IDN+'.  The certificate's Common Name (CN) values for the Issuer and Subject are not specified by the GENI specifications and can be any valid common name.  The following is an example GENI certificate that uses a dotted notation for the common names:
    1515
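Review bot: modified line 7 still carries two problems from v1 into v2, and since the line is already being touched for the GeniApiIdentifiers link they could be fixed in the same edit. First, "act as the the user" has a doubled "the". Second, "the holder of the private key that signed the certificate" names the wrong key: a certificate is signed with the issuer's private key, while the same sentence says the certificate binds a public key to the URN, so the party who can act as that URN's user is the holder of the private key matching that bound public key. Suggested wording: "Only the holder of the private key corresponding to the public key in the certificate can act as the user named by the URN."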
    1616{{{