822 | | • The user/tool cert is signed by someone in the CH’s trust chain |
823 | | • If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for. |
824 | | • The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info. |
825 | | • Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users. |
| 822 | * The user/tool cert is signed by someone in the CH’s trust chain |
| 823 | * If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for. |
| 824 | * The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info. |
| 825 | * Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users. |
828 | | • Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates) |
829 | | • Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential |
830 | | • Identifying: Information that could identify the given member (e.g. name, email, affiliation) |
831 | | |
832 | | |
833 | | |
| 828 | * Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates) |
| 829 | * Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential |
| 830 | * Identifying: Information that could identify the given member (e.g. name, email, affiliation) |
| 831 | |
| 832 | |
| 833 | |