Changes between Version 6 and Version 7 of TIEDABACCredential
- Timestamp:
- 01/15/14 13:18:41 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TIEDABACCredential
v6 v7 25 25 26 26 When the {{{type}}} element is "abac", an {{{abac}}} element must be present. The {{{abac}}} field contains a single {{{rt0}}} element with one {{{head}}} element and one or more {{{tail}}} elements. Each {{{head}}} or {{{tail}}} element contains 27 28 * The `head` element must include a `keyid` containing the SHA1 hash of the public key contained in the x509 certificate that signed this credential (and which is attached in the signature). 27 29 28 30 * An {{{ABACprincipal}}} element. This contains … … 96 98 97 99 The xsd additions to [http://www.protogeni.net/resources/credential/credential.xsd the GENIAPI credential XSD] are [attachment:rt0.xsd attached] to this page. They encode the {{{rt0}}} element inside the {{{abac}}} element. Minor additions need to be made to add the {{{abac}}} element as a choice. 100 101 This credential is only valid if: 102 - It validates against the schema (attached) 103 - The XML signature is valid per the XML-DSig standard 104 - The signing certificate is valid and trusted (see [GeniApiCertificates the GENI certificates page]). 105 - The expiration date has not passed 106 - The `keyid` of the `head` matches the credential signer (the SHA1 hash of the public key in the signing certificate) 98 107 99 108 == Version 1.0 Credentials (deprecated) ==