Privileges in the Reference Implementation

In general, the API specifies the format for ProtoGENI credentials and the means by which they are presented to authorities (e.g. component managers), but does not describe precisely which privileges are required to carry out particular operations. This is a deliberate omission, and such policy decisions are left to be made by component operators and/or federation administrators.

Consequently, client authors and end users cannot assume in advance that any privilege held is or is not sufficient to invoke any given operation. The correct approach is to attempt an RPC call, and handle any GENIRESPONSE_FORBIDDEN response (error code 3) which might be returned. The user might be able to proceed by retrying the operation with extra privileges supplied (perhaps by requesting delegation of the privileges from another principal).

However, it is certainly useful for site operators to document their privilege policies. (Such documentation can be a useful guide to the user in deciding which extra privileges to request.) The privileges which a default installation of the reference implementation will require are as follows:

Slice Authority

Unprivileged operations

The GetVersion and GetCredential operations requires no privileges other than the valid ProtoGENI certificate used to establish the SSL connection. Naturally, the output of GetCredential will vary depending on which privileges are actually recorded by the server.

Informational operations

The following informational operations require a slice credential which includes either or both of the authority or resolve privileges:

• Resolve
• DiscoverResources
• GetKeys

Registration operations

These operations require a slice credential with either or both of the authority or refresh privileges:

• Register
• Remove

The Register operation returns a new slice credential with universal privilege, owned by the principal performing the registration. Delegation of this new credential is permitted.

Special operations

Lastly, the BindToSlice call requires a slice credential with pi or bind privileges, and Shutdown requires pi or control.

Component Manager

Unprivileged operations

The GetVersion, Resolve and DiscoverResources operations requires no privileges other than the valid ProtoGENI certificate used to establish the SSL connection.

Informational operations

The following informational operations require a slice or sliver credential which includes either or both of the pi or info privileges:

• GetSliver
• SliceStatus
• SliverStatus
• SliverTicket

Ticket operations

The following operations modifying tickets require a slice or sliver credential which includes at least one of the pi, instantiate or bind privileges:

• GetTicket
• UpdateTicket

The ReleaseTicket operation does not require specific additional privileges, but since a ticket is a type of credential, the ticket being released must be valid and issued (or delegated) to the principal presenting it.

Manipulation operations

The following operations (which manipulate slivers) require a slice or sliver credential which includes at least one of the pi, instantiate or control privileges:

• RedeemTicket
• DeleteSliver
• DeleteSlice
• SplitSliver
• UpdateSliver
• StartSliver

Special operations

Lastly, the BindToSlice call requires a slice credential with pi or bind privileges, and Shutdown requires pi, instantiate or control. (However, Shutdown would normally be invoked by the clearinghouse.) Other clearinghouse operations include:

• ListUsage
• ListTickets
• ListHistory

and no other principal is permitted to invoke those.

Slice Embedding Service

Neither the GetVersion nor the Map operation require any priveleges other than the valid ProtoGENI certificate used to establish the SSL connection.