Changes between Version 4 and Version 5 of GeniApiCredentials


Timestamp:
04/19/12 11:01:09 (12 years ago)
Author:
Aaron Helsinger
Comment:

--

  • GeniApiCredentials

    v4 v5  
    99In the API, method calls take a list of Credentials. The semantics of that list are not specified. The reference GCF implementation treats each credential as a separate option: if any ONE credential grants the subject ALL required privileges on the specified target, then allow the operation. An alternative implementation could accumulate privileges from each otherwise valid credential to determine total permissions.
    1010
    11 GENI Credentials are signed XML containing:
     11GENI Credentials are signed XML documents, following [http://www.w3.org/TR/xmldsig-core/ the W3C standard], containing:
    1212 - Owner GID, which is a PEM format X509 certificate, containing the owner's URN in the Subject Alt Name field. See GeniApiCertificates.
    1313 - Owner URN to identify the owner (entity whose permissions are being specified). For information on URNs, see GeniApiIdentifiers.
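Review bot: On new line 11 the link text "the W3C standard" does not name the specification being followed. W3C publishes more than one XML security specification, so name it in the text, for example "following the [http://www.w3.org/TR/xmldsig-core/ W3C XML Signature (xmldsig-core)] standard", so the requirement stays clear if the link is stripped or goes stale. It would also help to say here which part of the credential the signature covers, since the only hint on the page is the xml:id remark in the Development Experience section.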
     
    9595
    9696
    97 
    98 
    99 
    10097== Development Experience ==
    101 XMLSEC:
     98[http://www.aleksey.com/xmlsec/ XMLSEC] is the standard library for for signing, encrypting, and validating XML digital signatures. For Java libraries, see the [http://santuario.apache.org/index.html Apache Santuario] library.
    10299
    103100The xmlsec1 binary (installed as part of the xmlsec library) will take an XML file that has a signature template appended to it and an xml:id attribute, and sign the portion of the XML document designated by the same xml:id using the provided key.  The signature is placed within the appended signature template.    Discussion of installation and usage is provided below
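Review bot: New line 98 has a doubled word ("for for signing") and an ambiguous object: "signing, encrypting, and validating XML digital signatures" reads as though signatures are what gets encrypted. Suggest "is a library for signing and encrypting XML and for validating XML digital signatures". Calling it "the standard library" is a strong claim to make without a source; "a widely used library" would be safer. The Java pointer also repeats itself ("For Java libraries, see the ... library"); "For Java, see Apache Santuario" is enough.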