Changes between Version 1 and Version 2 of TIEDABACCredential


Ignore:
Timestamp:
05/17/13 16:35:53 (11 years ago)
Author:
faber@isi.edu
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TIEDABACCredential

    v1 v2  
    1010 * A version element whose content is 2 non-negative integers separated by a period.  No spaces. A major and minor version number.  This page describes version 1.0
    1111 * An expires element whose content defines the last time the credential is valid.  It is in the same format as the [GeniApiCredential GENI privilege credential].
    12  * An rt0 element that includes an encoding of the RT0 rule.  All take the form ''Principal.Attr'' {{{<-}}} ''RHS'' according to the following rules
     12 * An rt0 element that includes an encoding of the RT0 rule.  All take the form Principal.Attr {{{<-}}} RHS according to the following rules
    1313   * Principals are encoded by their Subject Key Identifier - a SHA1 hash fo their public key data.  These are shown in ''italics'' below.
    1414   * Attributes are space-free strings containing alpha-numeric data and underscores.
     
    1616   * An assignment of an attribute to a set of principals that have an attribute os of the form ''issuer''.role1 <- ''principal''.role2
    1717   * An assignment of an attribute to a set of principals assigned a given arrtibute by a principal with a given linking attribute has the form ''issuer''.role1 <- ''principal''.linking_attribute.role2.  See [wiki:TIEDABACModel here] for examples of this type of role.
    18    * The right side of the assignment may be a conjunction of the various principal types of this form ''issuer''.role0 <- ''principal1''.role1 & ''principal2''.role2
     18   * The right side of the assignment (RHS) may be a conjunction of the various RHS types above, e.g., ''issuer''.role0 <- ''principal1''.role1 & ''principal2''.role2
    1919
     20An example abac credential (formatted for display which may invalidate the signature) follows.  Note that the <- in the <rt0> element has been escaped as &lt;-.
     21
     22{{{
     23<signed-credential>
     24 <credential xml:id="ref0">
     25  <type>abac</type>
     26  <version>1.0</version>
     27  <expires>2033-05-12T18:33:02Z</expires>
     28  <rt0>f98bec95a3ade2968378bd9ef77104e8f9031ec4.friendly&lt;-3f2531dd349d831a0217907b03f309ebb81a447e</rt0>
     29 </credential>
     30 <signatures>
     31  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     32   <SignedInfo>
     33    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     34    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     35    <Reference URI="#ref0">
     36     <Transforms>
     37      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
     38     </Transforms>
     39     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     40     <DigestValue>DEGT6ENGnJDxSK/KQ98B2lKGn2M=</DigestValue>
     41    </Reference>
     42   </SignedInfo>
     43   <SignatureValue>tDFuWoUimexrKlvnh6ie4fL7EX3NTsOSrry9X3szC9GZwNdxOHaDplwopFD/4/vE
     44Uv+e78OBWybRQKBKse0tuIc7mRQTUflwAKJHiIUbbffSJ/IGxxnKn4Oz559ouZej
     45cIv6ssSN5fNojSbwlYPGvCmtjOP+/kVE8enKyBqS++nbySUDM0yG28rF57kvRic0
     46mq0zWF1cKBgPNgH35jeGFlpsDqXIcESLM3z6RUtmvhNm/ynbbhqL0mOy7Os8hDqV
     47jKPlkTb5916lzMpYVuPeVmU2RX/OuqZET7cLo5LZ5P3V5X7XjSXU61rcr51a6HTO
     48L6eCu7/8eVcxsNVlytwepg==</SignatureValue>
     49   <KeyInfo>
     50    <KeyValue>
     51     <RSAKeyValue>
     52      <Modulus>
     532r8ogNUkqz8FezxQgvDq29uMuDtzPIV5uTWlM5IVy0x1aKWREA+wG1Xe3b6jDzhD
     54D4BDQQkgUYIWTq+lnhsDqz60yKy+DZ/TzSU3kLbJAcXwBEJ7E6YkfOCGK0/D1Bzq
     55qrD4Jeq1LlkRplE3iwx0eN6CnrQzrD7WlntRP/gf6NKDDQYJBUvS/+boE0IRFFIG
     56NQem6CUlITFYnIh7bbcNqw8uJcupkLbUN+jg9oWu6+HXRGmUEBC2OCi+5fApDD7e
     57jyaBs/dTBOTgqVgUv/1ghf+eQrhXRiaug6Beh3U/IJsNjxIdYm01W/ekOgyC3hGz
     58XdTm56HwZGw55Z7nVsi+Mw==
     59</Modulus>
     60      <Exponent>
     61AQAB
     62</Exponent>
     63     </RSAKeyValue>
     64    </KeyValue>
     65    <X509Data>
     66     <X509Certificate>MIIC/TCCAeWgAwIBAgIIZYdpzvz3KRUwDQYJKoZIhvcNAQEFBQAwDDEKMAgGA1UE
     67AxMBQTAeFw0xMzA1MTcxODMzMDFaFw0zMzA1MTIxODMzMDFaMAwxCjAIBgNVBAMT
     68AUEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDavyiA1SSrPwV7PFCC
     698Orb24y4O3M8hXm5NaUzkhXLTHVopZEQD7AbVd7dvqMPOEMPgENBCSBRghZOr6We
     70GwOrPrTIrL4Nn9PNJTeQtskBxfAEQnsTpiR84IYrT8PUHOqqsPgl6rUuWRGmUTeL
     71DHR43oKetDOsPtaWe1E/+B/o0oMNBgkFS9L/5ugTQhEUUgY1B6boJSUhMViciHtt
     72tw2rDy4ly6mQttQ36OD2ha7r4ddEaZQQELY4KL7l8CkMPt6PJoGz91ME5OCpWBS/
     73/WCF/55CuFdGJq6DoF6HdT8gmw2PEh1ibTVb96Q6DILeEbNd1ObnofBkbDnlnudW
     74yL4zAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
     75A1UdDgQWBBT5i+yVo63iloN4vZ73cQTo+QMexDAfBgNVHSMEGDAWgBT5i+yVo63i
     76loN4vZ73cQTo+QMexDANBgkqhkiG9w0BAQUFAAOCAQEAo68/jwfCJvWzYaSo7c5D
     77li9EJHbeLAheLAilURoh0OwmScNIbrlDh4DMBrNarY35t3tIHxS/tsHv52Haup67
     78coi/h4GvWNeeMxvciWfcAqY88nPG/Xz0BjxlpCB52MsN2sR6Q/WIyfmFOl6ixdV1
     79X4XGKnEpKZz3bLAL2BWyzXHY7gPRI/hPk5x073iblexlPwKW8m1htVGmmboEq6YF
     807OrPsAYH1297ST/s/G0AvbTJv7eCmbWHnjgW75t1X0Weu5oO8b2c09N03lHuSSdh
     811wdsfPvtNCe3yslkPJQG05Exisv+U7H4QpwgEKz2ZFfRTFpKjk82mwFthdPQF32E
     82jw==</X509Certificate>
     83     <X509SubjectName>CN=A</X509SubjectName>
     84     <X509IssuerSerial>
     85      <X509IssuerName>CN=A</X509IssuerName>
     86      <X509SerialNumber>7315932457414895893</X509SerialNumber>
     87     </X509IssuerSerial>
     88    </X509Data>
     89   </KeyInfo>
     90  </Signature>
     91 </signatures>
     92</signed-credential>
     93
     94}}}