Changes between Version 32 and Version 33 of UniformClearinghouseAPI


Ignore:
Timestamp:
08/16/13 06:53:04 (6 years ago)
Author:
mbrinn@bbn.com
Comment:

Clarify speaks-for argument sequence and that CH get_* use filter and match options like lookup_* calls

Legend:

Unmodified
Added
Removed
Modified
  • UniformClearinghouseAPI

    v32 v33  
    318318Accordingly, a Clearinghouse and associated Authorities should support speaks-for API transactions. These API transactions use the same signatures as the calls described in this document, with these enhancements:
    319319
    320 - The user (spoken-for) URN provided as a ‘speaking-for’ option on the call
    321 
    322 - The user’s certificate be provided as part of the credentials of the call
    323 
    324 - The speaks-for credential: a statement signed by the user indicating that the tool has the right to speak for the user, possibly limited to a particular scope (e.g. slice, project, API call, time window).
     320- A 'speaking-for' option containing the URN of the user being spoken for
     321
     322- A speaks-for credential in the list of credentials: a statement signed by the user indicating that the tool has the right to speak for the user, possibly limited to a particular scope (e.g. slice, project, API call, time window).
    325323
    326324The CH is then required to determine if the call is being made in a speaks-for context or not (that is, the ‘speaking-for’ option provided). If so, the CH call must determine if the tool is allowed to speak for the user by checking for the presence of a valid speaks-for credential and the spoken-for user’s cert. If so, the CH should validate if the user is authorized to take the proposed API action. If so, the action is taken and accounted to the user, with identity of the speaking-for tool logged. If the call is ‘speaks-for’ but any of these additional criteria are not met, the call should fail with an authorization error. If the call is not a ‘speaks-for’, then the normal authorization is performed based on the identity (certificate) provided with the SSL connection.
     
    370368'''Arguments:'''
    371369
    372 options: List of field names (from get_version) to be provided for each AM
     370options: 'match' and 'filter' options   as described in standard lookup methods
    373371
    374372'''Return:'''
     
    388386'''Arguments:'''
    389387
    390 options: List of field names (from get_version) to be provided for each MA
     388options: 'match' and 'filter' options   as described in standard lookup methods
    391389
    392390'''Return:'''
     
    406404'''Arguments:'''
    407405
    408 options: List of field names (from get_version) to be provided for each SA
     406options: 'match' and 'filter' options   as described in standard lookup methods
    409407
    410408'''Return:'''