ConsideredURFieldsRecordID
Version 1 (Jon Kerr Nilsen, 08/08/2012 04:51 AM)
1 | 1 | Jon Kerr Nilsen | h1. List of fields considered for the record identity block of the usage record |
---|---|---|---|
2 | 1 | Jon Kerr Nilsen | |
3 | 1 | Jon Kerr Nilsen | The following fields are considered for inclusion in a record identity block in a usage record. Each resources will have its own specific block. This specific block is reserved to the attributes that describes the record identity. |
4 | 1 | Jon Kerr Nilsen | |
5 | 1 | Jon Kerr Nilsen | ---- |
6 | 1 | Jon Kerr Nilsen | |
7 | 1 | Jon Kerr Nilsen | h2. RecordIdentityBlock |
8 | 1 | Jon Kerr Nilsen | |
9 | 1 | Jon Kerr Nilsen | This is the block property of the Usage Record identity field. |
10 | 1 | Jon Kerr Nilsen | Example |
11 | 1 | Jon Kerr Nilsen | <pre> |
12 | 1 | Jon Kerr Nilsen | <ur:RecordIdentityBlock> |
13 | 1 | Jon Kerr Nilsen | <!— Identity properties go in here --> |
14 | 1 | Jon Kerr Nilsen | </ur:RecordIdentityUsageBlock> |
15 | 1 | Jon Kerr Nilsen | </pre> |
16 | 1 | Jon Kerr Nilsen | |
17 | 1 | Jon Kerr Nilsen | h3. Comments: |
18 | 1 | Jon Kerr Nilsen | |
19 | 1 | Jon Kerr Nilsen | Ralph: ok |
20 | 1 | Jon Kerr Nilsen | Mike J: OK, but perhaps need some more detail: what can we expect to see in this block |
21 | 1 | Jon Kerr Nilsen | <pre> |
22 | 1 | Jon Kerr Nilsen | <IdentityBlock> |
23 | 1 | Jon Kerr Nilsen | <anonymous/> |
24 | 1 | Jon Kerr Nilsen | <DN authorisaition="true">string</DN> |
25 | 1 | Jon Kerr Nilsen | <uid>n</uid> |
26 | 1 | Jon Kerr Nilsen | <ip authorisation="false">n.n.n.n</ip> |
27 | 1 | Jon Kerr Nilsen | ... |
28 | 1 | Jon Kerr Nilsen | </IdentityBlock> |
29 | 1 | Jon Kerr Nilsen | </pre> |
30 | 1 | Jon Kerr Nilsen | |
31 | 1 | Jon Kerr Nilsen | Jon: Changed this block to be RecordIdentityBlock, moved SubjectIdentity to separate block. |
32 | 1 | Jon Kerr Nilsen | |
33 | 1 | Jon Kerr Nilsen | ---- |
34 | 1 | Jon Kerr Nilsen | |
35 | 1 | Jon Kerr Nilsen | h2. recordId |
36 | 1 | Jon Kerr Nilsen | |
37 | 1 | Jon Kerr Nilsen | A record identity uniquely defines a record in the set of all usage record for the grid |
38 | 1 | Jon Kerr Nilsen | implementation. recordId is an opaque string; |
39 | 1 | Jon Kerr Nilsen | |
40 | 1 | Jon Kerr Nilsen | h3. Comments: |
41 | 1 | Jon Kerr Nilsen | |
42 | 1 | Jon Kerr Nilsen | Ralph: In StAR we defined two attributes: create time and ID |
43 | 1 | Jon Kerr Nilsen | Mike J: OK but if using the StAR example above need to specify that sr:recordId is an opaque string; if you want host info this should be in its own attribute/node |
44 | 1 | Jon Kerr Nilsen | Jon: renamed field from RecordIdentity to recordID not to confuse it with RecordIdentityBlock, agree it should be an opaque string. |
45 | 1 | Jon Kerr Nilsen | |
46 | 1 | Jon Kerr Nilsen | ---- |
47 | 1 | Jon Kerr Nilsen | |
48 | 1 | Jon Kerr Nilsen | h2. createTime |
49 | 1 | Jon Kerr Nilsen | |
50 | 1 | Jon Kerr Nilsen | The createTime attribute describes when the record was created. |
51 | 1 | Jon Kerr Nilsen | |
52 | 1 | Jon Kerr Nilsen | h3. Comments: |
53 | 1 | Jon Kerr Nilsen | |
54 | 1 | Jon Kerr Nilsen | ---- |
55 | 1 | Jon Kerr Nilsen | |
56 | 1 | Jon Kerr Nilsen | h2. recorderId |
57 | 1 | Jon Kerr Nilsen | |
58 | 1 | Jon Kerr Nilsen | The recorderId gives information on who created the record. |
59 | 1 | Jon Kerr Nilsen | |
60 | 1 | Jon Kerr Nilsen | h3. Comments: |
61 | 1 | Jon Kerr Nilsen | |
62 | 1 | Jon Kerr Nilsen | --- |
63 | 1 | Jon Kerr Nilsen | |
64 | 1 | Jon Kerr Nilsen | Mike J: Suggest a mockup for the wiki: The following is an example straw-man of what I would like to see (it is not agreed nor a summary of the above) |
65 | 1 | Jon Kerr Nilsen | <pre> |
66 | 1 | Jon Kerr Nilsen | <usage> |
67 | 1 | Jon Kerr Nilsen | <recordIdentity> |
68 | 1 | Jon Kerr Nilsen | <creationTime>[When the record is cut]</creationTime> |
69 | 1 | Jon Kerr Nilsen | <recordID>[unique opaque ID]</recordID> |
70 | 1 | Jon Kerr Nilsen | <recorderID type="DN">[DN of host cutting the record]</recorderID> || |
71 | 1 | Jon Kerr Nilsen | <recorderID type="IP">[IP address of host curring the record]</recorderID> |
72 | 1 | Jon Kerr Nilsen | </recordIdentity> |
73 | 1 | Jon Kerr Nilsen | <identity> |
74 | 1 | Jon Kerr Nilsen | <!-- There may be other examples of the following. One of the following needs to have an attribute defining that it was used for authorisation --> |
75 | 1 | Jon Kerr Nilsen | <Id individual="true" type="anonymous"/> || |
76 | 1 | Jon Kerr Nilsen | <Id individual="true"type="DN" scope="global|local">[DN]</userId>? |
77 | 1 | Jon Kerr Nilsen | <Id individual="true" type="IP" scope="global|local">[IP]</userId>? |
78 | 1 | Jon Kerr Nilsen | <Id individual="true" type="UID" scope="site|local">[ID]</userId>? |
79 | 1 | Jon Kerr Nilsen | |
80 | 1 | Jon Kerr Nilsen | <ID individual="false" type="GID" scope="site|local">[ID]</groupID>? |
81 | 1 | Jon Kerr Nilsen | <ID individual="false" type="VOMS"> |
82 | 1 | Jon Kerr Nilsen | <authority type="DN">[VOMS AC Issuer/Server certificate]</authority> |
83 | 1 | Jon Kerr Nilsen | <method>AC|List|SAML</method> |
84 | 1 | Jon Kerr Nilsen | </groupID> |
85 | 1 | Jon Kerr Nilsen | <ID individual="false" type="GID" scope="site|local">[GID]</groupID> |
86 | 1 | Jon Kerr Nilsen | <ID individual="false" type="IP" scope="local|global"> |
87 | 1 | Jon Kerr Nilsen | <IP mask="255.255.0.0">[IP]</IP>+ |
88 | 1 | Jon Kerr Nilsen | </groupID> |
89 | 1 | Jon Kerr Nilsen | </identity> |
90 | 1 | Jon Kerr Nilsen | ... |
91 | 1 | Jon Kerr Nilsen | </usage> |
92 | 1 | Jon Kerr Nilsen | </pre> |