Changes between Version 77 and Version 78 of UniformClearinghouseAPI


Ignore:
Timestamp:
10/11/13 16:16:46 (10 years ago)
Author:
mbrinn@bbn.com
Comment:

Clarify get_version fields as to mandatory/optional

Legend:

Unmodified
Added
Removed
Modified
  • UniformClearinghouseAPI

    v77 v78  
    7676
    7777Each Registry or Authority API provides a ‘get_version’ method, which provides information to the caller (or a tool composing calls for a tool user) about versions and options supported by that API. The call takes no argument and is unguarded (anyone can call it). The return from the get_version call will be a dictionary including the following entries (by key):
    78  * VERSION: The version number of the Federation API (e.g. “10.0.7”). Note: this is the version of the API not the version of the implementation.
    79  * SERVICES: The set of services the given URL supports   ''[Authorities only]''
     78 * VERSION: A string with the version number of the Federation API (e.g. “10.0.7”). Note: this is the version of the API not the version of the implementation. This field is mandatory for all services.
     79 * SERVICES: The set of services the given URL supports   
    8080 * CREDENTIAL_TYPES: A list of recognized credential types (e.g. [ABAC, SFA]) and list of supported credential versions on protected API methods.  ''[Authorities only]''
    81  * ROLES : A list of recognized roles for slice/project membership (optional for those Slice Authorities supporting membership).  ''[Authorities only]''
    82  * OBJECTS : List of additional supported objects (e.g. PROJECT in SA, KEY in MA). Not needed if only default objects handled (e.g. SLICE in SA, MEMBER in MA, SERVICE in Registry). ''[Authorities only]''
     81 * ROLES : A list of recognized roles for slice/project membership (optional for those Slice Authorities supporting membership).  ''[SA only]''
    8382 * FIELDS: A dictionary of '''''supplementary''''' object field names (i.e. in additional to the required fields) and associated attributes including:
    84      * “OBJECT” provides the object to which the field belongs (if not the default authority object, i.e. SLICE for Slice Authority, MEMBER for Member Authority, Service for Registry)
    85      * “TYPE” may be one of “URN”, “UID”, “STRING”, “DATETIME”, “EMAIL”, “KEY”,“BOOLEAN”, “CREDENTIAL”, “CERTIFICATE”. [NB. This set of types subject to change. See Appendix for more information on these data types.]
    86      * “CREATE” attributes may be specified as “REQUIRED”, “ALLOWED” or “NOT ALLOWED” (default = “NOT ALLOWED”). These indicate whether the given supplementary field is required, allowed or prohibited in create calls.
    87      * "MATCH" attributes may be specified as TRUE or FALSE (default = TRUE). These indicate whether a given field may be specified in an match option of a lookup call.
    88      * “UPDATE” attributes may be specified as TRUE or FALSE (default = FALSE). These indicate whether the given field may be specified in an update call.
    89      * “PROTECT” attributes may be labeled as “PUBLIC”, “PRIVATE” or “IDENTIFYING”. These are for the Member Authority Only to differentiate between public, identifying and private data fields on members.
     83     * “OBJECT” provides the object to which the field belongs (if not the default authority object, i.e. SLICE for Slice Authority, MEMBER for Member Authority, Service for Registry). This field is mandatory for any field listed.
     84     * “TYPE” may be one of “URN”, “UID”, “STRING”, “DATETIME”, “EMAIL”, “KEY”,“BOOLEAN”, “CREDENTIAL”, “CERTIFICATE”. [NB. This set of types subject to change. See Appendix for more information on these data types.] This field is mandatory for any field listed.
     85     * “CREATE” attributes may be specified as “REQUIRED”, “ALLOWED” or “NOT ALLOWED” (default = “NOT ALLOWED”). These indicate whether the given supplementary field is required, allowed or prohibited in create calls. This attribute is optional for listed fields.
     86     * "MATCH" attributes may be specified as booleans TRUE or FALSE (default = TRUE). These indicate whether a given field may be specified in an match option of a lookup call. This attribute is optional for listed fields.
     87     * “UPDATE” attributes may be specified as booleans TRUE or FALSE (default = FALSE). These indicate whether the given field may be specified in an update call. This attribute is optional for listed fields.
     88     * “PROTECT” attributes may be labeled as “PUBLIC”, “PRIVATE” or “IDENTIFYING”. These are for the Member Authority Only to differentiate between public, identifying and private data fields on members. The default, if not provided, is "PUBLIC", and thus this attribute is optional.
     89
     90The FIELDS element of the get_version is optional for all services, as it only contains supplementary fields (which may not exist for a given service).
    9091
    9192Supplementary field names should be placed in a distinct namespace by a prefix unique to that federation, and starting with an underscore (e.g _GENI_,  _OFELIA_ , _FED4FIRE_ or _PROTOGENI_ etc.).
     
    340341All Registry calls are unprotected; they have no requirement for passing a client-side cert or validating any client-cert cert that is passed.
    341342
     343The Registry implements the SERVICE service and supports the SERVICE object.
     344
    342345The following table describes the default fields for services (aggregates and authorities) provided by Registry API calls:
    343346
     
    445448
    446449
    447 || ''' Service ''' || ''' Description ''' || ''' Required ''' ||
    448 || SLICE || Managing generation, renewal of slice credentials and slice lookup services || YES ||
    449 || SLICE_MEMBER ||Defining and managing roles of members with respect to slices || NO ||
    450 || SLIVER_INFO || Providing information about what Aggregates have reported having slivers for a given slice. Non-authoritative/advisory || NO ||
    451 || PROJECT || Defining projects (groupings of slices) and project lookup services || NO ||
    452 || PROJECT_MEMBER || Defining and managing roles of members with respect to projects || NO ||
     450|| ''' Service ''' || ''' Description ''' || ''' Required ''' || ''' Object ''' ||
     451|| SLICE || Managing generation, renewal of slice credentials and slice lookup services || YES || SLICE ||
     452|| SLICE_MEMBER ||Defining and managing roles of members with respect to slices || NO || ||
     453|| SLIVER_INFO || Providing information about what Aggregates have reported having slivers for a given slice. Non-authoritative/advisory || NO || SLIVER_INFO ||
     454|| PROJECT || Defining projects (groupings of slices) and project lookup services || NO || PROJECT ||
     455|| PROJECT_MEMBER || Defining and managing roles of members with respect to projects || NO || ||
    453456
    454457== Slice Service Methods ==
     
    776779Like the Slice Authority, the Member Authority provides a set of services each consisting of a set of methods. Some services are required for any MA implementation, others are optional, as indicated by this table:
    777780
    778 || '''Service''' || '''Description''' || '''Required''' ||
    779 || MEMBER || Services to  lookup and update information about members || YES ||
    780 || KEY || Services to support storing, deleting and retrieving keys (e.g. SSH)  for members || NO ||
     781|| '''Service''' || '''Description''' || '''Required''' || '''Object'''
     782|| MEMBER || Services to  lookup and update information about members || YES || MEMBER ||
     783|| KEY || Services to support storing, deleting and retrieving keys (e.g. SSH)  for members || NO || KEY ||
    781784
    782785== Member Service Methods ==