Class Authorization_Service
GENI Clearinghouse Authorization Service (AZ) controller interface
The Authorization Service allows for storing of two kinds of credentials:
- Attributes (signed assertions that principal P has attribute A, possibly in context C)
- Policies (signed statements that principals with attribute A possibly in context X have a given privilege)
Note that the current clearinghouse implementation refers to this service as the 'Credential Store', offered by 'cs_controller.php'. This is intended to change to the 'Authorization Service' and 'authz_controller.php' in upcoming releases, but the client interface will be unaffected by this name change.
Supports 4 'write' interfaces:
- id <= create_assertion(principal, attribute, context_type, context)
- id <= create_policy(attribute, context_type, privilege)
- success/failure <= renew_assertion(id)
- success/failure <= delete_policy(id)
Supports 4 'read' interfaces:
- assertions <= query_assertions(principal, context_type, context)
- policies <= query_policies()
- success/failure <= request_authorization(principal, action, context_type, context)
- permissions <= get_permissions(principal)
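
As an added illustration (not the clearinghouse's code), this Python model shows one way the attribute/policy split can drive request_authorization: default deny, exact context matching, and assertion expiry. The matching rule, the `ttl` and `now` parameters, and the sample names (alice, LEAD, PROJECT, proj-1, create_slice) are assumptions, not taken from the service.

```python
import itertools
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:        # signed statement: principal P has attribute A in context C
    principal: str
    attribute: str
    context_type: str
    context: str
    expires: float      # assumption: renew_assertion implies assertions expire

@dataclass(frozen=True)
class Policy:           # holders of attribute A in context type X have a privilege
    attribute: str
    context_type: str
    privilege: str

class AuthzModel:
    """Toy in-memory model; signatures on credentials are not modelled."""
    def __init__(self):
        self.assertions, self.policies, self._ids = {}, {}, itertools.count(1)

    def create_assertion(self, principal, attribute, context_type, context, ttl=3600.0):
        aid = next(self._ids)
        self.assertions[aid] = Assertion(principal, attribute, context_type, context, time.time() + ttl)
        return aid

    def create_policy(self, attribute, context_type, privilege):
        pid = next(self._ids)
        self.policies[pid] = Policy(attribute, context_type, privilege)
        return pid

    def query_assertions(self, principal, context_type, context, now=None):
        now = time.time() if now is None else now
        return [a for a in self.assertions.values()
                if (a.principal, a.context_type, a.context) == (principal, context_type, context)
                and a.expires > now]

    def request_authorization(self, principal, action, context_type, context, now=None):
        # Default deny: a live assertion in this exact context must carry an attribute a policy maps to the action.
        held = {a.attribute for a in self.query_assertions(principal, context_type, context, now)}
        return any(p.privilege == action and p.context_type == context_type
                   and p.attribute in held for p in self.policies.values())

def demo():             # constructed sample data: alice is LEAD of proj-1 only
    az = AuthzModel()
    az.create_assertion("alice", "LEAD", "PROJECT", "proj-1", ttl=60)
    az.create_policy("LEAD", "PROJECT", "create_slice")
    return az
```

In this model, an assertion for one project never authorizes an action in another, and an assertion that is not renewed stops granting privileges once it expires.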
| Modifier and return type | Method | Description |
|---|---|---|
| public string | create_assertion( dict $args_dict ) | Create an assertion of a given principal having a given attribute (role) with respect to a given context. |
| public string | | |
| public boolean | | |
| public boolean | | |
| public boolean | | |
| public boolean | | |
| public array | query_assertions( dict $args_dict ) | Return a list of assertions for a given principal |
| public array | query_policies( dict $args_dict ) | Return a list of all policies in authorization service's credential store |
| public boolean | request_authorization( dict $args_dict ) | Return whether a given principal is allowed to take a given action in a given context. |
| public array | | |
| public number | | |