tcmitchell
commented
8 years ago @nbastin See the description of privileges in #498. The possibilities are "pi", "user", and "none". Project credentials are never delegatable.
Closed nbastin closed 8 years ago
tcmitchell
commented
8 years ago @nbastin See the description of privileges in #498. The possibilities are "pi", "user", and "none". Project credentials are never delegatable.
tcmitchell
commented
8 years ago A sample "pi" (lead/admin) project credential is available for feedback:
nbastin
commented
8 years ago That looks good - I'm not sure what the emulab one looks like but I can deal with them being different.
tcmitchell
commented
8 years ago We can adjust if these differ from what emulab generates.
If you still want the project URN added to the slice credentials please open a new issue, thanks.
(Tracking also at https://gitlab.flux.utah.edu/emulab/emulab-devel/issues/42)
I would like a signed statement of some kind that asserts that a given user URN has a given role in a project managed by a given clearinghouse. Implementing this as a
get_credentialscall on the project service is probably the most consistent thing to do.A short (24 hour?) duration is fine (this is already how emulab handles user credentials, so it's not inconsistent with an existing pattern).