Changes between Version 20 and Version 21 of NewTestbedAPISpec

Timestamp:

Sep 11, 2013 10:41:40 AM (11 years ago)

Author:

faber

Comment:

Users API updates

NewTestbedAPISpec

@@ -71 +71 @@
 === Authentication ===
 
-A user can authenticate to the testbed and receive a short-lived client x.509 certificate by requesting a challenge using the {{{requestChallenge}}} operation and responding to the challenge via the {{{challengeResponse}}} operation.
+A user's identity is tied to an X.509 client certifcate issued by DETER.  A certificate is bound to one user at a time, but a person can logout and log in as a different DETER user using the same certificate by presenting a different password, or logging out, which severs the connection of user to certificate.
+
+A user can get a DETER-signed certificate by logging in without presenting an existing DETER-signed certificate.  For example, the first time a user logs in, they will get a DETER-signed certificate.
+
+A UI is welcome to keep one certificate for a session, or to reuse the certificates until they expire.  The certificates are issued with several years of valid time.
+
+A user can authenticate to the testbed and receive an X.509 certificate by requesting a challenge using the {{{requestChallenge}}} operation and responding to the challenge via the {{{challengeResponse}}} operation.
 
 Currently only one challenge is available, type "clear".  The challenge has no data and the user replies with their password in clear text.  Note that the exchange is protected by the SSL encrypted exchange, but implementors should not respond to clear challenges with parameters in the query string.  The "masked" challenge will address this issue shortly.
@@ -86 +92 @@
    * ChallengeID - a 64-bit identifier that allows the server to validate the reply
 
-Each challenge is valid for 2 minutes and are rate limited.  Web interfaces should collect the password from the user before requesting a challenge from the API to avoid spurious timeouts.
+Each challenge is valid for 2 minutes and are rate-limited.  Web interfaces should collect the password from the user before requesting a challenge from the API to avoid spurious timeouts.
 
  * '''Service:''' Users
@@ -94 +100 @@
   * ChallengeID - The 64-bit identifier of the challenge being responded to
  * '''Return Values''':
-  * Certificate - a binary string containing a PEM-encoded X.509 certificate and private key. (Passed down the encrypted connection)
-
-The certificate returned by the challenge is signed by the testbed.
+  * Certificate - an optional  binary string containing a PEM-encoded X.509 certificate and private key. (Passed down the encrypted connection)  If the user presented a certificate on this connection, no credential is returned.
+
+Any certificate returned by the challenge is signed by the testbed.
+
+The binding between user and certificate lasts 24 hours.  It can be renewed by making another login exchange.  A UI may want to prompt a user to login again before the binding times out.
+
+ * '''Service:''' Users
+ * '''Operation:''' logout
+ * '''Input Parameters:'''
+  * None
+ * '''Return Values:'''
+  * None
+
+Removes the user-to-certificate binding for this certificate.  The certificate can be reused or discarded, but cannot be used to manipulate the testbed without another successful requestChallenge/challengeResponse exchange.
+
 
 === Password Changes ===
@@ -110 +128 @@
   * newPass - the new passowrd
  * '''Return Values''':
-  * a boolean, true if successful, but most errors will throw a fault
+  * a boolean, true if successful, but errors will throw a fault
 
 We expect that the web interface will handle issues like confirming user input to a password change page.  The changePassword call just makes the change directly.
@@ -124 +142 @@
   * a boolean, true if successful, but most errors will throw a fault
 
-Again, we expect this call to generally be made from a web interface that will then want to present an input form to the in order to reset their password.  The urlPrefix field provides that hook.  A web interface running on !https://niftydeter.com might call requestPasswordReset with parameters 'forgetfuluser' and '!https://niftydeter.com/reset.html?challenge='.  After that call forgetfuluser will get e-mail asking him or her to access the web page at !https://niftydeter.com/reset.html?challenge=1283548127541824, allowing {{{niftydeter.com}}} to present their password change interface, and do error checking, ete. on the new password.
-
-Each challenge is valid for 2 hours, and they are rate limited so only a few can be outstanding.
+Again, we expect this call to generally be made from a web interface that will then want to present an input form to the in order to reset their password.  The urlPrefix field provides that hook.  A web interface running on !https://niftydeter.com might call requestPasswordReset with parameters 'forgetfuluser' and '!https://niftydeter.com/reset.html?challenge='.  After that call forgetfuluser will get e-mail asking him or her to access the web page at !https://niftydeter.com/reset.html?challenge=1283548127541824, allowing {{{niftydeter.com}}} to present their password change interface, and do error checking, etc. on the new password.
+
+Each challenge is valid for 2 hours, and they are rate-limited so only a few can be outstanding.
 
 With a valid challenge in hand, the web interface can call
@@ -154 +172 @@
  * a flag set if the element is optional
  * A flag set if the field can be removed from the profile
- * a modification type: elements may be read/write, read-only (e.g., username) or write-only (e.g., password)
+ * a modification type: elements may be read/write, read-only (e.g., username) or write-only (e.g., some shared secret) (valid strings are at [http://www.isi.edu/~faber/tmp/DeterAPI/doc/constant-values.html the constants documentation.]
  * a brief description of the field, intended to be presented by a web interface or other third party program
  * an ordering hint for web interfaces presenting the data to users, an integer
@@ -174 +192 @@
        * binary/opaque
      * Value - a string containing the element's value
-     * Access - a 32-bit integer describing the access values (values at [http://www.isi.edu/~faber/tmp/doc/net/deterlab/testbed/user/UserAttribute.html Attribute's javadoc])
-       * READ_WRITE
-       * READ_ONLY
-       * WRITE_ONLY (e.g., password)
+     * Access - a string describing the access values (values at [http://www.isi.edu/~faber/tmp/DeterAPI/doc/constant-values.html javadoc as described above])
      * Optional - a flag true if the field is optional (must be present but may be empty)
      * Removable - a flag true if the field can be removed
@@ -202 +217 @@
        * binary/opaque
      * Value - a string containing the element's value
-     * Access - a 32-bit integer describing the access values (values at [http://www.isi.edu/~faber/tmp/doc/net/deterlab/testbed/user/UserAttribute.html Attribute's javadoc])
-       * READ_WRITE
-       * READ_ONLY
-       * WRITE_ONLY (e.g., password)
+     * Access - a string describing the access values (values at [http://www.isi.edu/~faber/tmp/DeterAPI/doc/constant-values.html javadoc as described above])
      * Optional - a flag true if the field is optional (must be present but may be empty)
      * Removable - a flag true if the field can be removed
@@ -236 +248 @@
 Each notification has a set of flags that define its state.  Currently there are 2
 
- * '''READ''' bit 0 (low order bit) true if the user has read the notification
- * '''URGENT''' bit 1 true if the testbed considers this urgent information
-
-The user is free to change this state using the markNotifications call.  Note that notifications are per-user.  A user who clears the READ or URGENT bit does not clear the bit for other recipients of the notification.
+ * '''READ''' true if the user has read the notification
+ * '''URGENT'''true if the testbed considers this urgent information
+
+The user is free to change this state using the markNotifications call.  Note that notifications are per-user.  A user who clears the READ or URGENT flag does not clear the flag for other recipients of the notification.
 
  
@@ -248 +260 @@
    * FirstDate - an optional date.  If present only show notifications after that date
    * LastDate - an optional date.  If present only show notifications before that date
-   * Flags - a 32-bit integer of flags. Only notifications that match the flags state after the mask is applied are returned
-   * Mask - A 32-bit mask of the bits to consider in the flags field.
+   * Flags - A potentially empty list of flags to check.  If a flag's name appears in this list, only notifications with their flag in the given state are returned.
+     * Tag - a string, the name of the flag
+     * isSet - a boolean, true if the flag should be set
  * '''Return Values:'''
    * A list of responses each containing
      * ID - a 64-bit integer identifying the notification
-     * Flags - the message state
+     * Flags - the notification state in the format
+       * Tag - a string, the name of the flag
+       * isSet - a boolean, true if notifications with the flag set should be returned, false if notifications with the flag unset should be returned
      * Sent - the date the notification was issued
      * Text - the text of the notification
@@ -269 +284 @@
    * Userid - the user's identity to gather notifications
    * Ids - an array of 64-bit integers, the identifiers of the notifications to mark
-   * Flags - a 32-bit integer of flags to change. Notifications will have their flags field set to the value in this field if the corresponding mask bit is set.
-   * Mask - A 32-bit mask of the bits to consider in the flags field.
+   * Flags - A list of flags to modify.  If a flag's name appears in this list, notifications will have their flag set to the given value.
+     * Tag - a string, the name of the flag
+     * isSet - a boolean, true if the flag should be set, false if it should be unset
  * '''Return Values:'''
    * None
@@ -281 +297 @@
    * Users - a list of uids to receive the notification
    * Projects - a list of projects to receive the notification.  All users in the project will receive it
-   * Flags - the initial notification state for each user
+   * Flags - A list of initial flag values.  If a flag's name appears in this list, notifications will have their flag set to the given value.  Flags that do not appear will be unset.
+     * Tag - a string, the name of the flag
+     * isSet - a boolean, true if the flag should be set, false if it should be unset
    * Text - the content of the notification
  * '''Return Values:'''
@@ -346 +364 @@
    * Type - the type (STRING, INT, FLOAT, OPAQUE)
    * Optional - a boolean, true if this attribute is optional
-   * Access - an integer the user's ability to modify (READ_WRITE, READ_ONLY, WRITE_ONLY, NO_ACCESS)
+   * Access - a string: the user's ability to modify (READ_WRITE, READ_ONLY, WRITE_ONLY, NO_ACCESS)
    * Description - natural language description of the field (optional)
    * Format - a regular expression describing the format (optional)
@@ -373 +391 @@
    * Type - the type (STRING, INT, FLOAT, OPAQUE)
    * Optional - a boolean, true if this attribute is optional
-   * Access - an integer the user's ability to modify (READ_WRITE, READ_ONLY, WRITE_ONLY, NO_ACCESS)
+   * Access - a string: the user's ability to modify (READ_WRITE, READ_ONLY, WRITE_ONLY, NO_ACCESS)
    * Description - natural language description of the field (optional)
    * Format - a regular expression describing the format (optional)