This is the beginning of the living document that will document the DETER testbed API>
A user is a researcher who uses the DETER testbed. They request testbed services and allocate testbed resources. Each call on the API is performed by a user. A user is identified by a string unique to DETER, teh username.
In addition to the user identifier DETER keeps meta-data about all users. Currently that meta-data consists of:
The API provides an authenticated user (see below) with several interfaces to query and modify their profile information.
In the API each element of profile data is represented as a structure with the following data in it:
A user represnts themself to the testbed by presenting proof that they hold a public key, for example through an SSL connection. The testbed determines what operations a user can carry out based on an ABAC-encoded policy that grants rights to users and binds keys to users. A user is issued a public key periodically by DETER, but also can request a short lived temporary key at any time by authenticating against a shared password.