Changes between Version 8 and Version 9 of SPIDocs

Sep 16, 2014 10:03:26 AM (10 years ago)



  • SPIDocs

    v8 v9  
    6464This section describes the SPI abstractions and operations that application writers will use.  We are concerned with how to put the concepts into use and how they interrelate with each other.  Below we describe the detailed interface.
     66=== Services ===
     68The SPI is broken up into services that implement the various abstractions.  Each major abstraction presents its own service, and there are a few others for administration and information.  Each service is a separate SOAP/WSDL service and has its own contact point.  We break them up this way to keep the specification reasonably sized for both people and computers.
     70The services in the SPI are:
     71 ApiInfo::
     72  Version information and test interfaces.  Client and server certificate distribution.
     73 Admin::
     74  Low level testbed administration
     75 Circles::
     76  Manipulation of circles
     77 Experiments::
     78  Manipulation of Experiments
     79 Libraries::
     80  Manipulation of Libraries
     81 Projects::
     82  Manipulation of Projects
     83 Users::
     84  Manipulation of Users
    6686=== Profiles ===
    166186=== Users ===
    168 A user represents a researcher using the testbed
     188A user represents a researcher using the testbed.  Most operations in the SPI are carried out on behalf of a user.  Users must authenticate themselves to the testbed in order to carry out such operations.  Users own other instances, for example a user owns experiments or projects that they create.  Ownership is both an auditing construct - the testbed can determine which researcher configured which objets - and through policy assigns some rights to carry out operations.  The owner of an experiment has rights outside those specified by the circles the owner belongs to.
     190In order for a user to carry out operations on the testbed, the user must log in to the testbed.  When requests are made to the SPI they are made through a secure connection where client and server (that is user and testbed) are identified by an X.509 certificate.  The login process binds an X.509 certificate used to make a secure connection to a user instance in the testbed used to determine rights.
     192The simplest way to log in through the SPI is to call the `requestChallenge` operation on the `Users` service.