822 | | * The user/tool cert is signed by someone in the CH’s trust chain |
823 | | * If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for. |
824 | | * The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info. |
825 | | * Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users. |
| 822 | |
| 823 | * The user/tool cert is signed by someone in the CH’s trust chain |
| 824 | * If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for. |
| 825 | * The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info. |
| 826 | * Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users. |
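Review bot: the last bullet, "Access to private info (SSL or SSH keys) should be restricted only to the user's own keys for ordinary users", leaves open what anyone who is not an "ordinary user" may retrieve, and it says nothing about tools. As written, it can be read as permitting some callers to fetch another member's private keys. Suggest dropping the qualifier and stating the rule directly: private keys are returned only to the member who owns them, or to a tool presenting a valid speaks-for credential for that member, with any exception listed explicitly. The third bullet has a similar gap: "has privileges with respect to the people" should name which privileges are sufficient. In the first bullet, "signed by someone in the CH's trust chain" would be clearer as a statement that the cert chains to a trust root the CH accepts.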
828 | | * Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates) |
829 | | * Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential |
830 | | * Identifying: Information that could identify the given member (e.g. name, email, affiliation) |
831 | | |
832 | | |
833 | | |
| 829 | |
| 830 | * Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates) |
| 831 | * Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential |
| 832 | * Identifying: Information that could identify the given member (e.g. name, email, affiliation) |
| 833 | |
| 834 | |
| 835 | |
| 836 | |
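Review bot: in the Public bullet, "public SSH or SSH keys" repeats SSH. The Private bullet reads "private SSL or SSH keys", so this presumably should be "public SSL or SSH keys". The Public bullet also lists certificates, while the Identifying bullet lists name, email and affiliation. If member certificates carry any of those fields, the two categories overlap and the text should say which access rule applies. The extra empty rows at the end of this block look unintentional and could be trimmed.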