Changes between Version 15 and Version 16 of UniformClearinghouseAPI


Ignore:
Timestamp:
08/15/13 11:44:34 (11 years ago)
Author:
jmccolga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UniformClearinghouseAPI

    v15 v16  
    820820
    821821The protected APIs described here are standard SSL calls and can be invoked by anyone with their own SSL cert and private key. Reasonable security policy, however, should allow this call to succeed only if the following criteria are met:
    822  The user/tool cert is signed by someone in the CH’s trust chain
    823  If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for.
    824  The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info.
    825  Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users.
     822* The user/tool cert is signed by someone in the CH’s trust chain
     823* If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for.
     824* The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info.
     825* Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users.
    826826
    827827The information managed by the MA API is divided into three categories, for purposes of applying different AuthZ policies at these different levels:
    828  Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates)
    829  Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential
    830  Identifying: Information that could identify the given member (e.g. name, email, affiliation)
    831 
    832 
    833 
     828* Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates)
     829* Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential
     830* Identifying: Information that could identify the given member (e.g. name, email, affiliation)
     831
     832
     833