Changes between Version 7 and Version 8 of GeniApiCertificates
- Timestamp:
- 05/31/13 20:21:43 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GeniApiCertificates
v7 v8 5 5 GENI uses X.509 v3 certificates to (1) Authenticate actors in the GENI APIs, (2) protect message transport, specifically the SSL transport layer for APIs such as the AM API, and (3) to formally identify actors as members within [wiki:GeniApiCredentials GENI credentials]. 6 6 7 The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] (formally defined [http://tools.ietf.org/html/rfc5280 in RFC5280]) to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]). Only the holder of the private key that signedthe certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates.7 The GENI Aggregate Manager API uses [http://en.wikipedia.org/wiki/X.509 X509 certificates] (formally defined [http://tools.ietf.org/html/rfc5280 in RFC5280]) to bind public keys to identifiers ([wiki:GeniApiIdentifiers URNs]). Only the holder of the private key corresponding to the public key contained in the certificate can act as the the user named by the URN. Aggregates are required to properly validate all certificates to authenticate access to AM API calls, and fail calls that supply invalid certificates. 8 8 9 9 In the GENI APIs, these certificates are used for both server side authentication and client side authentication in SSL connections (actually https).