Changes between Version 4 and Version 5 of GeniApiCredentials
- Timestamp:
- 04/19/12 11:01:09 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GeniApiCredentials
v4 v5 9 9 In the API, method calls take a list of Credentials. The semantics of that list are not specified. The reference GCF implementation treats each credential as a separate option: if any ONE credential grants the subject ALL required privileges on the specified target, then allow the operation. An alternative implementation could accumulate privileges from each otherwise valid credential to determine total permissions. 10 10 11 GENI Credentials are signed XML containing:11 GENI Credentials are signed XML documents, following [http://www.w3.org/TR/xmldsig-core/ the W3C standard], containing: 12 12 - Owner GID, which is a PEM format X509 certificate, containing the owner's URN in the Subject Alt Name field. See GeniApiCertificates. 13 13 - Owner URN to identify the owner (entity whose permissions are being specified). For information on URNs, see GeniApiIdentifiers. … … 95 95 96 96 97 98 99 100 97 == Development Experience == 101 XMLSEC: 98 [http://www.aleksey.com/xmlsec/ XMLSEC] is the standard library for for signing, encrypting, and validating XML digital signatures. For Java libraries, see the [http://santuario.apache.org/index.html Apache Santuario] library. 102 99 103 100 The xmlsec1 binary (installed as part of the xmlsec library) will take an XML file that has a signature template appended to it and an xml:id attribute, and sign the portion of the XML document designated by the same xml:id using the provided key. The signature is placed within the appended signature template. Discussion of installation and usage is provided below