* a recently disabled/deleted user may still have a valid cred. Keep a list of valid/invalid users on the aggregate and check callers against this list
- Component manager
- Stop invalid users
* a recently disabled/deleted user may still have a valid cred. Keep a list of valid/invalid users on the aggregate and check callers against this list
- Component manager
+ * only call get_gids() if there are slices with no gids installed
* GetTicket - must verify_{site,slice,person,keys} on remote aggregate
* GetTicket - must verify_{site,slice,person,keys} on remote aggregate
- * REdeem ticket - RedeemTicket/AdminTicket not working. Why?
+ * Redeem ticket - RedeemTicket/AdminTicket not working. Why?
* install the slice and node gid when the slice is created (create NM plugin to execute sfa_component_setup.py ?)
* install the slice and node gid when the slice is created (create NM plugin to execute sfa_component_setup.py ?)
-
-- sfa.util.api
- * preload registries/aggregates into the api object (i.e. api.registries = Registries())
* api.update_membership() shoudl behave more like resolve when looking up records (attempt to resolve records at federated registeries) instead of only looking in the local registry
* support generic registry records (dont depend on postgres!)
* api.update_membership() shoudl behave more like resolve when looking up records (attempt to resolve records at federated registeries) instead of only looking in the local registry
* support generic registry records (dont depend on postgres!)
-- Aggregate
-* sfa.plc.slices.verify_site() should check if site['max_slices'] needs to be updated
-* sfa.plc.slices.verify_slice() should check if slice['expires'] needs to be updated
-
+- Auth Service
+ * develop a simple service where users auth using username/passord and
+ receive their cred
+ * service manages users key/cert,creds
+
+- GUI
+ * requires user's cred (depends on Auth Service above)
+
- SM call routing
* sfi -a option should send request to sm with an extra argument to
specify which am to contact instead of connecting directly to the am
- SM call routing
* sfi -a option should send request to sm with an extra argument to
specify which am to contact instead of connecting directly to the am