Changes between Version 3 and Version 4 of GeniApiCertificates


Ignore:
Timestamp:
04/19/12 11:06:55 (8 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GeniApiCertificates

    v3 v4  
    33= GENI API: Certificates =
    44
    5 Certificates are used to Authenticate actors in the GENI APIs.
    6 
    7 The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]).  Only the holder of the private key that signed the certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates.
     5GENI uses X.509 v3 certificates to (1) Authenticate actors in the GENI APIs, (2) protect message transport, specifically the SSL transport layer for APIs such as the AM API, and (3) to formally identify actors as members within [wiki:GeniApiCredentials GENI credentials].
     6
     7The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] (formally defined [http://tools.ietf.org/html/rfc5280 in RFC5280]) to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]).  Only the holder of the private key that signed the certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates.
    88
    99In the GENI APIs, these certificates are used for both server side authentication and client side authentication in SSL connections (actually https).