List of fields considered for the record identity block of the usage record
The following fields are considered for inclusion in a record identity block in a usage record. Each resource will have its own specific block. This specific block is reserved for the attributes that describe the record identity.
RecordIdentityBlock
This is the block property of the Usage Record identity field.
Example
<ur:RecordIdentityBlock>
  <!-- Identity properties go in here -->
</ur:RecordIdentityBlock>
Comments:
Ralph: ok
Mike J: OK, but perhaps need some more detail: what can we expect to see in this block
<IdentityBlock>
  <anonymous/>
  <DN authorisation="true">string</DN>
  <uid>n</uid>
  <ip authorisation="false">n.n.n.n</ip>
  ...
</IdentityBlock>
Jon: Changed this block to be RecordIdentityBlock, moved SubjectIdentity to separate block.
recordId
A record identity uniquely defines a record in the set of all usage records for the grid implementation. recordId is an opaque string.
Comments:
Ralph: In StAR we defined two attributes: create time and ID
Mike J: OK but if using the StAR example above need to specify that sr:recordId is an opaque string; if you want host info this should be in its own attribute/node
Jon: renamed field from RecordIdentity to recordID not to confuse it with RecordIdentityBlock, agree it should be an opaque string.
createTime
The createTime attribute describes when the record was created.
Comments:
recorderId
The recorderId gives information on who created the record.
Comments:
Mike J: Suggest a mockup for the wiki: The following is an example straw-man of what I would like to see (it is not agreed nor a summary of the above)
<usage>
  <recordIdentity>
    <creationTime>[When the record is cut]</creationTime>
    <recordID>[unique opaque ID]</recordID>
    <recorderID type="DN">[DN of host cutting the record]</recorderID> ||
    <recorderID type="IP">[IP address of host cutting the record]</recorderID>
  </recordIdentity>
  <identity>
    <!-- There may be other examples of the following. One of the following needs to have an attribute defining that it was used for authorisation -->
    <Id individual="true" type="anonymous"/> ||
    <Id individual="true" type="DN" scope="global|local">[DN]</Id>?
    <Id individual="true" type="IP" scope="global|local">[IP]</Id>?
    <Id individual="true" type="UID" scope="site|local">[ID]</Id>?
    <ID individual="false" type="GID" scope="site|local">[ID]</ID>?
    <ID individual="false" type="VOMS">
      <authority type="DN">[VOMS AC Issuer/Server certificate]</authority>
      <method>AC|List|SAML</method>
    </ID>
    <ID individual="false" type="GID" scope="site|local">[GID]</ID>
    <ID individual="false" type="IP" scope="local|global">
      <IP mask="255.255.0.0">[IP]</IP>+
    </ID>
  </identity>
  ...
</usage>
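A sketch of how a record consumer might check the three fields discussed on this page, added here as an example and not part of the wiki discussion or of any agreed schema. It assumes recordId, createTime and recorderId are child elements of ur:RecordIdentityBlock, uses a placeholder namespace URI, and runs over constructed records.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

UR = "urn:example:usage-record"  # placeholder namespace for the ur: prefix (assumption)
FIELDS = ("recordId", "createTime", "recorderId")  # assumed to be child elements

def parse_identity(block):
    """Return the identity fields of one RecordIdentityBlock or raise ValueError."""
    ident = {}
    for name in FIELDS:
        text = (block.findtext(f"{{{UR}}}{name}") or "").strip()
        if not text:
            raise ValueError(f"missing or empty {name}")
        ident[name] = text
    try:
        datetime.fromisoformat(ident["createTime"])
    except ValueError:
        raise ValueError("createTime is not an ISO 8601 timestamp") from None
    return ident

def check_records(xml_text):
    """Return (block index, problem) pairs for malformed blocks and reused recordIds."""
    seen, problems = {}, []
    blocks = ET.fromstring(xml_text).iter(f"{{{UR}}}RecordIdentityBlock")
    for index, block in enumerate(blocks):
        try:
            rid = parse_identity(block)["recordId"]
        except ValueError as exc:
            problems.append((index, str(exc)))
            continue
        # recordId is opaque: compared as a whole string, never split or decoded
        if rid in seen:
            problems.append((index, f"recordId already used by block {seen[rid]}"))
        seen.setdefault(rid, index)
    return problems

def _block(rid, created, recorder):
    """Build one constructed sample block."""
    elem = ET.Element(f"{{{UR}}}RecordIdentityBlock")
    for name, value in zip(FIELDS, (rid, created, recorder)):
        ET.SubElement(elem, f"{{{UR}}}{name}").text = value
    return elem

def sample_xml():
    """Constructed records: ids, times and host names are made up."""
    root = ET.Element("records")
    root.append(_block("a1b2c3", "2011-05-09T10:15:00+00:00", "CN=ce01.example.org"))
    root.append(_block("a1b2c3", "2011-05-09T10:16:00+00:00", "CN=ce02.example.org"))
    root.append(_block("d4e5f6", "09/05/2011 10:20", "CN=ce01.example.org"))
    root.append(_block("", "2011-05-09T10:25:00+00:00", "CN=ce01.example.org"))
    return ET.tostring(root, encoding="unicode")
```

Calling check_records(sample_xml()) reports the reused recordId, the unparseable createTime and the empty recordId by block index.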