Class Authorization_Service

GENI Clearinghouse Authorization Service (AZ) controller interface

The Authorization Service stores two kinds of credentials:
  • Attributes (signed assertions that principal P has attribute A, possibly in context C)
  • Policies (signed statements that principals with attribute A, possibly in context X, have a given privilege)


Note that the current clearinghouse implementation refers to this service as the 'Credential Store', offered by 'cs_controller.php'. This is intended to change to the Authorization Service and 'authz_controller.php' in upcoming releases, but the client interface will be unaffected by this name change.

Supports 4 'write' interfaces:
  • id <= create_assertion(principal, attribute, context_type, context)
  • id <= create_policy(attribute, context_type, privilege)
  • success/failure <= renew_assertion(id)
  • success/failure <= delete_policy(id)


Supports 4 'read' interfaces:
  • assertions <= query_assertions(principal, context_type, context)
  • policies <= query_policies()
  • success/failure <= request_authorization(principal, action, context_type, context)
  • permissions <= get_permissions(principal)
Namespace: Authorization_Service
Located at authz_controller.php
Methods summary
public string create_assertion( dict $args_dict )

Create an assertion of a given principal having a given attribute (role) with respect to a given context.

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "principal" : UUID of principal about whom assertion is made
  • "attribute" : id/index of attribute type
  • "context_type" : type of context in which assertion holds
  • "context" : UUID of context (if any) for which assertion holds

Returns

string: ID of assertion

public string create_policy( dict $args_dict )

Create a policy and store it in the AZ.

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("create_policy")
  • "attribute" : id/index of attribute type
  • "context_type" : type of context in which attribute holds
  • "privilege" : id/index of privilege type

Returns

string: ID of policy

public boolean delete_assertion( dict $args_dict )

Delete a given assertion with given ID

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("delete_assertion")
  • "id" : ID of assertion to be deleted

Returns

boolean: Success / Failure

public boolean delete_policy( dict $args_dict )

Delete a given policy of given ID

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("delete_policy")
  • "id" : ID of policy to be deleted

Returns

boolean: Success / Failure

public boolean renew_assertion( dict $args_dict )

Renew a given assertion with given ID

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("renew_assertion")
  • "id" : ID of assertion to be renewed

Returns

boolean: Success / Failure

public boolean renew_policy( dict $args_dict )

*** NOT IMPLEMENTED! *** Renew a given policy with given ID

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("renew_policy")
  • "id" : ID of policy to be renewed

Returns

boolean: Success / Failure

public array query_assertions( dict $args_dict )

Return a list of assertions for a given principal, possibly in a given context

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("query_assertions")
  • "principal" : UUID of principal
  • "context_type" : type of context
  • "context" : UUID of context (if any)

Returns

array: List of assertions matching given query

public array query_policies( dict $args_dict )

Return a list of all policies in authorization service's credential store

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("query_policies")

Returns

array: List of all policies in AZ's credential store

public boolean request_authorization( dict $args_dict )

Return whether a given principal is allowed to take a given action in a given context.

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("request_authorization")
  • "principal" : UUID of principal about whom authorization is requested
  • "action" : name of action for which authorization is requested
  • "context_type" : context type about which authorization is requested
  • "context" : context_id about which authorization is requested [optional]

Returns

boolean: Success / Failure of authorization request

public array get_permissions( dict $args_dict )

Get the permissions (allowed actions) for a given principal

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("get_permissions")
  • "principal" : UUID of principal about which actions are being requested

Returns

array: List of action, context_type, context_id tuples for which principal has authorization

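A minimal in-memory model of how stored assertions and policies combine into the request_authorization and get_permissions results described above. This is an added example, not the clearinghouse's code. It assumes a policy's privilege is compared directly with the requested action name and that the context must match exactly; the UUIDs and numeric ids are constructed.

```python
import uuid

def _uuid(value):  # canonical UUID string; None means "no specific context"
    return None if value is None else str(uuid.UUID(value))

class AuthzModel:
    """Model of the assertion/policy store (illustration, not the real service)."""
    def __init__(self):
        self.assertions = {}  # id -> (principal, attribute, context_type, context)
        self.policies = {}    # id -> (attribute, context_type, privilege)

    def create_assertion(self, args):
        aid = str(uuid.uuid4())
        self.assertions[aid] = (_uuid(args["principal"]), args["attribute"],
                                args["context_type"], _uuid(args.get("context")))
        return aid

    def create_policy(self, args):
        pid = str(uuid.uuid4())
        self.policies[pid] = (args["attribute"], args["context_type"], args["privilege"])
        return pid

    def get_permissions(self, args):
        principal = _uuid(args["principal"])
        perms = set()
        for who, attr, ctype, ctx in self.assertions.values():
            for p_attr, p_ctype, privilege in self.policies.values():
                # A policy applies only to the same attribute AND context type.
                if who == principal and (attr, ctype) == (p_attr, p_ctype):
                    perms.add((privilege, ctype, ctx))
        return perms

    def request_authorization(self, args):
        # Assumption: privilege and action are compared as the same name.
        wanted = (args["action"], args["context_type"], _uuid(args.get("context")))
        # Deny by default: only an exact (action, context_type, context) match allows.
        return wanted in self.get_permissions(args)

# Constructed sample data (made-up UUIDs, attribute and context-type ids).
ALICE = "11111111-1111-4111-8111-111111111111"
SLICE_A, SLICE_B = "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"

def demo():
    az = AuthzModel()
    az.create_policy({"attribute": 1, "context_type": 2, "privilege": "delete_slice"})
    az.create_assertion({"principal": ALICE, "attribute": 1, "context_type": 2, "context": SLICE_A})
    ask = lambda ctx: az.request_authorization(
        {"principal": ALICE, "action": "delete_slice", "context_type": 2, "context": ctx})
    return ask(SLICE_A), ask(SLICE_B), ask(None)
```

In this model an assertion scoped to one context grants nothing in another context or in a context-free request, which is the property to check when testing a real deployment.
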
public number get_version( dict $args_dict )

Get the version of the API of this particular service provider

Parameters

$args_dict (dict): Dictionary containing 'operation' argument

Returns

number: Version of API of this particular service provider

API documentation generated by ApiGen 2.8.0