Class Member_Authority

GENI Clearinghouse Member Authority (MA) controller interface

The MA maintains a set of members with their UUIDs and attributes, along with the associated query mechanisms. It also maintains a set of SSL keys and certificates, both 'inside' and 'outside', for given users. Additionally, the MA maintains a mapping of members to the client tools (e.g. the GENI Portal) that the member has authorized to speak on his/her behalf. Finally, the MA maintains a set of SSH keys for a given member, to be passed to resources as needed.

Supports these methods:
  • success <= register_ssh_key(member_id, ssh_filename, ssh_description, ssh_public_key, [ssh_private_key])
  • [id, member_id, filename, description, public_key, private_key]* <= lookup_ssh_keys(member_id)
  • success <= update_ssh_key(member_id, ssh_key_id, ssh_filename, ssh_description)
  • success <= delete_ssh_key(member_id, ssh_key_id)
  • [private_key, certificate]* <= lookup_keys_and_certs(member_id)
  • member_id <= create_account(attributes)
  • [client_name, client_urn]* <= ma_list_clients()
  • [client_name, client_urn]* <= ma_list_authorized_clients(member_id)
  • success <= ma_authorize_client(member_id, client_urn, authorize_sense)
  • [member_id]* <= lookup_members(attributes)
  • [member_id, [name value self_asserted]*] <= lookup_member_by_id(member_id)
  • success <= add_member_privilege(member_id, privilege_id)
  • success <= revoke_member_privilege(member_id, privilege_id)


Future (i.e. not yet available) methods include:
  • upload_ssl_keys
  • revoke_certificate

Namespace: Member_Authority
Located at ma_controller.php

Methods summary

public boolean register_ssh_key( dict $args_dict )

Register SSH public key with given user

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("register_ssh_key")
  • "member_id" : ID of member about whom SSH key is to be registered
  • "ssh_filename" : filename containing public SSH key (upload case)
  • "ssh_description" : Description of given SSH key
  • "ssh_public_key" : SSH public key value
  • "ssh_private_key" : SSH private key value (optional: generate key pair case)

Returns

boolean: Success/Fail

public array lookup_ssh_keys( dict $args_dict )

Return all SSH keys associated with given member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("lookup_ssh_keys")
  • "member_id" : ID of member whose SSH keys are to be returned

Returns

array: List of SSH key info (member_id, filename, description, public_key, private_key) for given member

public boolean update_ssh_key( dict $args_dict )

Update key pair associated with member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("update_ssh_key")
  • "member_id" : ID of member about whom to update SSH key
  • "ssh_key_id" : ID of SSH key pair for member
  • "ssh_filename" : filename containing public SSH key
  • "ssh_description" : New description of SSH key pair for member

Returns

boolean: Success/Failure

public boolean delete_ssh_key( dict $args_dict )

Remove key pair associated with member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("delete_ssh_key")
  • "member_id" : ID of member about whom to delete SSH key pair
  • "ssh_key_id" : ID of SSH key pair for member

Returns

boolean: Success/Failure

public Dictionary lookup_keys_and_certs( dict $args_dict )

Lookup inside keys/certs associated with a user UUID.

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("lookup_keys_and_certs")
  • "member_id" : ID of member about whom inside keys and certs are desired

Returns

Dictionary containing a private key and certificate for given member

public UUID create_account( dict $args_dict )

Create new user account with given attributes.
Required attributes: email_address, first_name, last_name, telephone_number

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("create_account")
  • "attributes" : Dictionary of attributes (required keys: email_address, first_name, last_name, telephone_number) of member account to be created.

Returns

UUID of newly created member

public List ma_list_clients( dict $args_dict )

Get all client tools registered with the MA as potentially authorized for use by members

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("ma_list_clients")

Returns

List of (name => URN) pairs of registered tools

public List ma_list_authorized_clients( dict $args_dict )

Get all client tools registered with the MA for given user

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("ma_list_authorized_clients")
  • "member_id" : UUID of given member for whom to return registered client tools

Returns

List of (name => URN) pairs of registered tools for given member

public boolean ma_authorize_client( dict $args_dict )

Authorize/Deauthorize given tool for use by given member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("ma_authorize_client")
  • "member_id" : UUID of given member for whom to authorize/deauthorize the client tool
  • "client_urn" : URN of given client tool
  • "authorize_sense" : True for authorize, False for deauthorize

Returns

boolean: Success/Failure

public List lookup_members( dict $args_dict )

Return list of members satisfying the 'and' of a provided set of name/value attributes

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("lookup_members")
  • "attributes" : Dictionary of name/value pairs the 'and' of which is applied to query for registered members

Returns

List of UUIDs of members registered with MA satisfying attributes

public Dictionary lookup_member_by_id( dict $args_dict )

Return name/value attribute information about given member by UUID

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("lookup_member_by_id")
  • "member_id" : UUID of member about whom information is requested

Returns

Dictionary of name/value pairs associated with member

public boolean add_member_privilege( dict $args_dict )

Add new privilege to given member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("add_member_privilege")
  • "member_id" : UUID of member about whom to add privilege
  • "privilege_id" : Type of privilege added to member

Returns

boolean: Success/Failure

public boolean revoke_member_privilege( dict $args_dict )

Revoke privilege from given member

Parameters

$args_dict (dict): Dictionary containing name/value pairs:
  • "operation" : name of this method ("revoke_member_privilege")
  • "member_id" : UUID of member about whom to remove privilege
  • "privilege_id" : Type of privilege removed from member

Returns

boolean: Success/Failure

public number get_version( dict $args_dict )

Get the version of the API of this particular service provider

Parameters

$args_dict (dict): Dictionary containing 'operation' argument

Returns

number: Version of API of this particular service provider
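
A client-side pre-flight check for the args_dict shapes documented above, as an added example (not code from ma_controller.php or the GENI project). The names SCHEMA, ACCOUNT_ATTRS, is_uuid and check_args are hypothetical; treating member_id as a canonical UUID string and authorize_sense as a strict boolean are assumptions drawn from the parameter descriptions.

```python
import uuid

# operation -> (required keys, optional keys), transcribed from the parameter
# lists on this page; "operation" itself is present in every call.
SCHEMA = {
    "register_ssh_key": ("member_id ssh_filename ssh_description ssh_public_key",
                         "ssh_private_key"),
    "lookup_ssh_keys": ("member_id", ""),
    "update_ssh_key": ("member_id ssh_key_id ssh_filename ssh_description", ""),
    "delete_ssh_key": ("member_id ssh_key_id", ""),
    "lookup_keys_and_certs": ("member_id", ""),
    "create_account": ("attributes", ""),
    "ma_list_clients": ("", ""),
    "ma_list_authorized_clients": ("member_id", ""),
    "ma_authorize_client": ("member_id client_urn authorize_sense", ""),
    "lookup_members": ("attributes", ""),
    "lookup_member_by_id": ("member_id", ""),
    "add_member_privilege": ("member_id privilege_id", ""),
    "revoke_member_privilege": ("member_id privilege_id", ""),
    "get_version": ("", ""),
}
ACCOUNT_ATTRS = {"email_address", "first_name", "last_name", "telephone_number"}

def is_uuid(value):
    # Assumption: member_id is a canonical hyphenated UUID string.
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_args(args):
    """Return a list of problems; empty means the dict matches the page."""
    op = args.get("operation")
    if not isinstance(op, str) or op not in SCHEMA:
        return ["unknown or missing operation: %r" % (op,)]
    required, optional = (set(s.split()) for s in SCHEMA[op])
    keys = set(args) - {"operation"}
    problems = ["missing key: " + k for k in sorted(required - keys)]
    problems += ["unexpected key: " + k for k in sorted(keys - required - optional)]
    if "member_id" in keys and not is_uuid(args["member_id"]):
        problems.append("member_id is not a UUID")
    if op == "create_account" and isinstance(args.get("attributes"), dict):
        problems += ["missing attribute: " + a
                     for a in sorted(ACCOUNT_ATTRS - set(args["attributes"]))]
    if "authorize_sense" in keys and not isinstance(args["authorize_sense"], bool):
        problems.append("authorize_sense must be a boolean")
    if "PRIVATE KEY" in str(args.get("ssh_public_key", "")):
        problems.append("ssh_public_key contains private key material")
    return problems
```

The strict boolean check matters because a non-empty string such as "false" is truthy in PHP, so it should never stand in for a deauthorize request. Rejecting PEM private key text in ssh_public_key keeps the secret half of a key pair out of the public field.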
API documentation generated by ApiGen 2.8.0