Changes between Version 11 and Version 12 of UniformClearinghouseAPI


Ignore:
Timestamp:
08/14/13 15:42:07 (11 years ago)
Author:
jmccolga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UniformClearinghouseAPI

    v11 v12  
    322322
    323323- The speaks-for credential: a statement signed by the user indicating that the tool has the right to speak for the user, possibly limited to a particular scope (e.g. slice, project, API call, time window).
     324
     325The CH is then required to determine if the call is being made in a speaks-for context or not (that is, the ‘speaking-for’ option provided). If so, the CH call must determine if the tool is allowed to speak for the user by checking for the presence of a valid speaks-for credential and the spoken-for user’s cert. If so, the CH should validate if the user is authorized to take the proposed API action. If so, the action is taken and accounted to the user, with identity of the speaking-for tool logged. If the call is ‘speaks-for’ but any of these additional criteria are not met, the call should fail with an authorization error. If the call is not a ‘speaks-for’, then the normal authorization is performed based on the identity (certificate) provided with the SSL connection.
     326
     327Aggregates are also encouraged to support speaks-for authentication and authorization, but this is an aggregate-internal policy and implementation decision, and outside the scope of this document.
     328
     329== Clearinghouse API ==
     330
     331The Clearinghouse provides a list of Slice Authorities, Member Authorities and Aggregates associated with a given Federation. The URL for accessing these methods (i.e. the URL of the Clearinghouse) is to be provided out-of-band (i.e. there is no global service for gaining access to CH addressees).
     332
     333The following table describes the default fields for services (aggregates and authorities) provided by CH API calls:
     334
     335
     336|| ''' Name ''' || ''' Type ''' || ''' DESCRIPTION ''' ||
     337|| SERVICE_URN || URN || URN of given service ||
     338|| SERVICE_URL ||URL || URL by which to contact the service ||
     339|| SERVICE_CERT || Certificate || Public certificate of service ||
     340|| SERVICE_NAME || String || Short name of service ||
     341|| SERVICE_DESCRIPTION || String || Descriptive name of service ||
     342
     343