[[TOC]]

= DETER Testbed API =

This is the beginning of a living document describing the DETER testbed API.
| 6 | |
== User Features ==
| 8 | |
A '''user''' is a researcher who uses the DETER testbed. Users request testbed services and allocate testbed resources. Each call on the API is performed by a user. A user is identified by a string unique to DETER, the username.
| 10 | |
=== User Meta-data ===

In addition to the user identifier, DETER keeps meta-data about all users. Currently that meta-data consists of:

* Projects the user is in (see below)
* Experiments the user owns (see below)
* A password to authenticate the user
* A valid e-mail address for communication and password resetting
* Resource access information, e.g.,
  * ssh public keys
  * Windows authentication credentials
* General metadata, e.g.,
  * Real name
  * Affiliation
  * Phone number
  * Address
| 27 | |
The API provides an authenticated user (see below) with several interfaces to query and modify their profile information.

In the API each element of profile data is represented as a structure with the following data in it:

* name of the element
* type of the element
  * string
  * integer
  * double
  * binary/opaque
  * lists of any of the above
* a flag set if the element is optional
* a modification type: elements may be read/write, read-only (e.g., username) or write-only (e.g., password)
* a brief description of the field, intended to be presented by a web interface or other third party program
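As an added example (not DETER's own code), a small Python model of the profile-element structure above together with the checks it implies: a descriptor-driven validator that rejects writes to read-only elements, withholds write-only elements on read, and checks element types and the optional flag. The element names in the schema and the `list:<type>` spelling are assumptions chosen to match the list above.

```python
from dataclasses import dataclass

SCALAR_TYPES = {"string": str, "integer": int, "double": float, "binary": bytes}

@dataclass(frozen=True)
class ProfileElement:
    name: str
    type: str          # "string", "integer", "double", "binary" or "list:<type>"
    optional: bool
    access: str        # "rw" (read/write), "ro" (read-only) or "wo" (write-only)
    description: str   # brief text for a web interface or third-party program

def value_matches(type_name, value):
    """True if value has the declared element type; lists are checked per item."""
    if type_name.startswith("list:"):
        inner = type_name[len("list:"):]
        return isinstance(value, list) and all(value_matches(inner, v) for v in value)
    # bool is an int subclass in Python; do not accept True/False as integers.
    return isinstance(value, SCALAR_TYPES[type_name]) and not isinstance(value, bool)

def check_update(schema, update, complete=False):
    """Return problems with a profile update (empty list if it is acceptable)."""
    by_name = {e.name: e for e in schema}
    problems = []
    for name, value in update.items():
        elem = by_name.get(name)
        if elem is None:
            problems.append(f"{name}: unknown element")
        elif elem.access == "ro":          # e.g. username cannot be rewritten
            problems.append(f"{name}: read-only")
        elif not value_matches(elem.type, value):
            problems.append(f"{name}: expected {elem.type}")
    if complete:                           # a full profile must carry every required element
        problems += [f"{e.name}: required" for e in schema
                     if not e.optional and e.name not in update]
    return problems

def readable_view(schema, profile):
    """Profile restricted to readable elements; write-only ones (password) never leave."""
    return {e.name: profile[e.name] for e in schema
            if e.access != "wo" and e.name in profile}

# Constructed schema following the page's element list (an assumption, not DETER's own).
SCHEMA = [
    ProfileElement("username", "string", False, "ro", "DETER-unique user identifier"),
    ProfileElement("password", "string", False, "wo", "authentication password"),
    ProfileElement("email", "string", False, "rw", "address for contact and password reset"),
    ProfileElement("ssh_keys", "list:string", True, "rw", "ssh public keys"),
]
```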
| 42 | |
=== Authenticating as a User ===

A user represents themselves to the testbed by presenting proof that they hold a public key, for example through an SSL connection. The testbed determines what operations a user can carry out based on an ABAC-encoded policy that grants rights to users and binds keys to users. A user is issued a public key periodically by DETER, but can also request a short-lived temporary key at any time by authenticating against a shared password.