Authorization_Service
GENI Clearinghouse Authorization Service (AZ) controller interface
The Authorization Service stores two kinds of credentials:
- Attributes (signed assertions that principal P has attribute A, possibly in
context C)
- Policies (signed statements that principals with attribute A possibly in
context X have a given privilege)
Note that the current clearinghouse implementation refers to this service as the
'Credential Store', offered by 'cs_controller.php'. This is intended to change
to the Authorization Service and 'authz_controller.php' in upcoming releases,
but the client interface will be unaffected by this name change.
Supports 4 'write' interfaces:
- id <= create_assertion(principal, attribute, context_type, context)
- id <= create_policy(attribute, context_type, privilege)
- success/failure <= renew_assertion(id)
- success/failure <= delete_policy(id)
Supports 4 'read' interfaces:
- assertions <= query_assertions(principal, context_type, context)
- policies <= query_policies()
- success/failure <= request_authorization(principal, action, context_type,
context)
- permissions <= get_permissions(principal)
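
The sketch below is an added example, not the clearinghouse's code: a Python in-memory model of the eight calls listed above, showing how an assertion and a policy combine into a default-deny decision. The expiry lifetime, matching a policy's privilege against the requested action by name, treating an assertion without a context as valid for any context of its type, and the tuple form of a permission are assumptions; signature checking is left out.

```python
import itertools
import time

class AuthzModel:
    """Toy model of the eight AZ calls; expiry and matching rules are assumed."""
    def __init__(self, lifetime=3600, clock=time.time):
        self._ids, self._clock, self._lifetime = itertools.count(1), clock, lifetime
        self.assertions, self.policies = {}, {}  # id -> record; signatures omitted

    def create_assertion(self, principal, attribute, context_type, context=None):
        aid = next(self._ids)
        self.assertions[aid] = dict(principal=principal, attribute=attribute,
                                    context_type=context_type, context=context,
                                    expires=self._clock() + self._lifetime)
        return aid

    def create_policy(self, attribute, context_type, privilege):
        pid = next(self._ids)
        self.policies[pid] = dict(attribute=attribute, context_type=context_type, privilege=privilege)
        return pid

    def renew_assertion(self, aid):
        if aid in self.assertions:
            self.assertions[aid]["expires"] = self._clock() + self._lifetime
        return aid in self.assertions

    def delete_policy(self, pid):
        return self.policies.pop(pid, None) is not None

    def _live(self, principal):
        return [a for a in self.assertions.values()  # expired ones are skipped, not deleted
                if a["principal"] == principal and a["expires"] > self._clock()]

    def query_assertions(self, principal, context_type, context=None):
        return [a for a in self._live(principal) if a["context_type"] == context_type
                and a["context"] in (None, context)]

    def query_policies(self):
        return list(self.policies.values())

    def get_permissions(self, principal):
        return {(p["privilege"], a["context_type"], a["context"])
                for a in self._live(principal) for p in self.policies.values()
                if (p["attribute"], p["context_type"]) == (a["attribute"], a["context_type"])}

    def request_authorization(self, principal, action, context_type, context=None):
        # Default deny: allow only when a live assertion and a policy line up.
        return any(perm[:2] == (action, context_type) and perm[2] in (None, context)
                   for perm in self.get_permissions(principal))
```

Passing a fake `clock` makes the expiry path testable: an expired assertion stops authorizing until `renew_assertion` is called, and deleting the policy revokes the privilege for every principal holding the attribute.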