Changes between Version 7 and Version 8 of GeniApiCertificates


Ignore:
Timestamp:
05/31/13 20:21:43 (11 years ago)
Author:
Aaron Helsinger
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GeniApiCertificates

    v7 v8  
    55GENI uses X.509 v3 certificates to (1) Authenticate actors in the GENI APIs, (2) protect message transport, specifically the SSL transport layer for APIs such as the AM API, and (3) to formally identify actors as members within [wiki:GeniApiCredentials GENI credentials].
    66
    7 The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] (formally defined [http://tools.ietf.org/html/rfc5280 in RFC5280]) to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]).  Only the holder of the private key that signed the certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates.
     7The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] (formally defined [http://tools.ietf.org/html/rfc5280 in RFC5280]) to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]).  Only the holder of the private key corresponding to the public key contained in the certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates.
    88
    99In the GENI APIs, these certificates are used for both server side authentication and client side authentication in SSL connections (actually https).