Closed nbastin closed 8 years ago
@nbastin See the description of privileges in #498. The possibilities are "pi", "user", and "none". Project credentials are never delegatable.
A sample "pi" (lead/admin) project credential is available for feedback:
That looks good - I'm not sure what the emulab one looks like but I can deal with them being different.
We can adjust if these differ from what emulab generates.
If you still want the project URN added to the slice credentials please open a new issue, thanks.
(Tracking also at https://gitlab.flux.utah.edu/emulab/emulab-devel/issues/42)
I would like a signed statement of some kind that asserts that a given user URN has a given role in a project managed by a given clearinghouse. Implementing this as a
get_credentials
call on the project service is probably the most consistent thing to do.A short (24 hour?) duration is fine (this is already how emulab handles user credentials, so it's not inconsistent with an existing pattern).