5 | | Credentials are used to authorize actions (where certificates authenticate and URNs identify). They specify the permissions of the Owner relative to a Target object. |
6 | | |
7 | | In the AM API, credentials have a type and version string. This page documents credentials of type `geni_sfa` and version '''3'''. |
8 | | |
9 | | A credential provides the credential's owner with permissions on a target object (identified by a URN). For instance, with a 'slice credential,' the user is given rights to allocate and remove resources from a slice. The credential format that the GENI AM API uses is adapted from ProtoGENI's credential format described at: http://www.protogeni.net/trac/protogeni/wiki/Credentials. The only differences between the two formats is that the GENI credential allows for different privileges (those from other control frameworks such as Planet Lab's SFA). Also note that the value of {{{can_delegate}}} on privileges is an [http://www.w3.org/TR/xmlschema11-2/#boolean xsd:boolean], meaning it should be one of 1, 0, {{{true}}}, or {{{false}}}. |
| 5 | Credentials are signed assertions used to authorize actions (where certificates authenticate and URNs identify). |
| 6 | |
| 7 | In the AM API, credentials have a type and version string. This page documents the GENI SFA credential format, and specifically credentials of type `geni_sfa` and version '''3'''. These GENI SFA credentials specify the permissions of the Owner relative to a Target object. |
| 8 | |
| 9 | The same basic structure is used to specify [TIEDABACCredential GENI ABAC credentials] (type `geni_abac` and version '''1'''), but with some important [TIEDABACCredential differences]. |
| 10 | |
| 11 | A GENI SFA credential provides the credential's owner with permissions on a target object (identified by a URN). For instance, with a 'slice credential,' the user is given rights to allocate and remove resources from a slice. The credential format that the GENI AM API uses is adapted from ProtoGENI's credential format described at: http://www.protogeni.net/trac/protogeni/wiki/Credentials. The only differences between the two formats is that the GENI credential allows for different privileges (those from other control frameworks such as Planet Lab's SFA). Also note that the value of {{{can_delegate}}} on privileges is an [http://www.w3.org/TR/xmlschema11-2/#boolean xsd:boolean], meaning it should be one of 1, 0, {{{true}}}, or {{{false}}}. |