Changes between Version 16 and Version 17 of UniformClearinghouseAPI


Ignore:
Timestamp:
08/15/13 11:45:03 (6 years ago)
Author:
jmccolga@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UniformClearinghouseAPI

    v16 v17  
    820820
    821821The protected APIs described here are standard SSL calls and can be invoked by anyone with their own SSL cert and private key. Reasonable security policy, however, should allow this call to succeed only if the following criteria are met:
    822 * The user/tool cert is signed by someone in the CH’s trust chain
    823 * If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for.
    824 * The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info.
    825 * Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users.
     822
     823 * The user/tool cert is signed by someone in the CH’s trust chain
     824 * If the cert is held by a tool, then the call must contain a user cert and a ‘speaks-for’ credential and the tool is trusted by the CH to perform speaks-for.
     825 * The requestor is asking for their own identifying info or has privileges with respect to the people about whom they are asking for that identifying info.
     826 * Access to private info (SSL or SSH keys) should be restricted only to the user’s own keys for ordinary users.
    826827
    827828The information managed by the MA API is divided into three categories, for purposes of applying different AuthZ policies at these different levels:
    828 * Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates)
    829 * Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential
    830 * Identifying: Information that could identify the given member (e.g. name, email, affiliation)
    831 
    832 
    833 
     829
     830 * Public: Public information about a member (e.g. public SSH or SSH keys, speaks-for credentials, certificates)
     831 * Private: Private information (e.g. private SSL or SSH keys) that should be given only to the member or a tool speaking for the member with a valid speaks-for credential
     832 * Identifying: Information that could identify the given member (e.g. name, email, affiliation)
     833
     834
     835
     836