Changes between Version 6 and Version 7 of TIEDABACCredential


Timestamp:
01/15/14 13:18:41 (10 years ago)
Author:
Aaron Helsinger
Comment:

--

  • TIEDABACCredential

    v6 v7  
    2525
    2626When the {{{type}}} element is "abac", an {{{abac}}} element must be present.  The {{{abac}}} field contains a single {{{rt0}}} element with one {{{head}}} element and one or more {{{tail}}} elements.  Each {{{head}}} or {{{tail}}} element contains
     27
     28 * The `head` element must include a `keyid` containing the SHA1 hash of the public key contained in the x509 certificate that signed this credential (and which is attached in the signature).
    2729
    2830 * An {{{ABACprincipal}}} element.  This contains
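Review bot: The new bullet at v7 line 28 leaves "the SHA1 hash of the public key" underspecified: it does not say which bytes are hashed (for example the DER-encoded SubjectPublicKeyInfo versus the bare key bits) or how the digest is written in `keyid` (hex or base64, and in which case). Two implementations can choose different encodings and then fail the `keyid` comparison against each other, so name the exact hash input and the output encoding here. The bullet also sits directly under "Each {{{head}}} or {{{tail}}} element contains", where it reads as one more item of that list although it applies only to `head`; consider moving it above that sentence and using the {{{...}}} markup the surrounding lines use.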
     
    9698
    9799The xsd additions to [http://www.protogeni.net/resources/credential/credential.xsd the GENIAPI credential XSD] are [attachment:rt0.xsd attached] to this page.  They encode the {{{rt0}}} element inside the {{{abac}}} element.  Minor additions need to be made to add the {{{abac}}} element as a choice.
     100
     101This credential is only valid if:
     102 - It validates against the schema (attached)
     103 - The XML signature is valid per the XML-DSig standard
     104 - The signing certificate is valid and trusted (see [GeniApiCertificates the GENI certificates page]).
     105 - The expiration date has not passed
     106 - The `keyid` of the `head` matches the credential signer (the SHA1 hash of the public key in the signing certificate)
    98107
    99108== Version 1.0 Credentials (deprecated) ==
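Review bot: The first condition at v7 line 102, "It validates against the schema (attached)", does not pin down which schema a verifier should load: the paragraph just above says the attached rt0.xsd only encodes the {{{rt0}}} element and that additions still need to be made to add {{{abac}}} as a choice in the credential XSD. State the complete schema to validate against, or attach the combined one. It would also help to say explicitly that all five conditions must hold, and to have line 106 point at the `keyid` definition in the `head` bullet rather than restating it in slightly different words, so the two descriptions cannot drift apart.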