Changes between Version 28 and Version 29 of SPIDocs


Ignore:
Timestamp:
Sep 30, 2014 11:31:47 AM (7 years ago)
Author:
faber
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • SPIDocs

    v28 v29  
    7474  Low level testbed administration
    7575 Circles::
    76   Manipulation of Circles
     76  Manipulation of [wiki:SPIDocs#Circles Circles]
    7777 Experiments::
    78   Manipulation of Experiments
     78  Manipulation of [wiki:SPIDocs#Experiments Experiments]
    7979 Libraries::
    80   Manipulation of Libraries
     80  Manipulation of [wiki:SPIDocs#Libraries Libraries]
    8181 Projects::
    82   Manipulation of Projects
     82  Manipulation of [wiki:SPIDocs#Projects Projects]
    8383 Users::
    8484  Manipulation of [wiki:SPIDocs#Users Users]
     
    699699
    700700These are documented below.
     701
     702=== Other Services ===
     703
     704The `ApiInfo` and `Admin` [wiki:SPIDocs#Services services] do not directly manipulate the major abstractions.  `ApiInfo` is useful to many applications whil `Admin` is mostly useful for testbed administrators.
     705
     706==== ApiInfo ====
     707
     708The `ApiInfo` service provides versioning information and some basic application connectivity tests.  It also provides a simple mechanism to get server and client certificates from the system.
     709
     710The `getVersion` operation does not require any login and returns the version and patch level of the implementation running on this server.  If the caller provided an X.509 client certificate, the [https://datatracker.ietf.org/doc/rfc5280/ RFC5280]-defined identifier of the certificate is also returned.
     711
     712The `echo` operation takes and returns a single string argument.  It can be used to confirm that simple SOAP-based parameter passing is working.  The `echo` service does not require a login.
     713
     714The `getServerCertificate` operation returns the X.509 certificate that the server is using to authenticate itself.  An application may need this to make it part of a trust chain.  The certificate is returned as a PEM-encoded string.
     715
     716The `getClientCertificate` operation returns a certificate and an unencrypted private key that an application can use as an identity.  This is essentially the same kind of certificate returned when a [wiki:SPIDoc#Authentication user logs in without a client certificate].  The operation takes a parameter that is recorded as the common name in the X.509 certificate returned.  Both the key and the certificate are returned in PEM format.
     717
     718The certificate retrieval operations are simple enough that they can often be carried out through a web browser without using SOAP at all.
     719
     720==== Admin ====
     721
     722The `Admin` service provides a few operations useful to administrators.
     723
     724The `addPermission` call installs a new permission into the system.  This is only done when adding new functionality to the system or initially creating a server.  It takes 2 parameters, the permission name and the kind of object it is valid for.
     725
     726The `bootstrap` call creates a basic system from scratch.  If there is no admin user nor a project called admin, such a user, `deterboss` is created in the `admin` project.  `deterboss` owns `admin` and `admin is approved`.  The world circle and a few projects needed for regression tests are also created.  The password for the `deterboss` user is returned.  From here an application can build a server using the operations above.
     727
     728The `clearCredentialCache` and `resetAccessControl` calls change the system's policy.  In the first case, any cached policies are removed from memory.  In the second case all the cached policies are removed and all policies system-wide are recreated.  These are rarely used operations.
     729