You're forced to authorize the portal in order to use the non-GENI-API parts of the portal #1780
Comments
|
The act of authorizing the portal creates a certificate that is held by the portal and allows the portal to act as the user. If you give the portal a CSR, the portal can still act as you if you have authorized the portal to do so. It uses the alternate certificate that was created when you authorized the portal, not the one that was created by signing the CSR. Projects are accessible via the clearinghouse API. Without authorization, the portal has no way of listing a user's projects. There are very few operations that would be available without authorization. We have chosen to disallow use altogether rather than display those very few functions that the portal might be able to offer without being able to access the clearinghouse on behalf of the experimenter. |
|
Ah, it is not clear from the docs that the portal makes its own speaks-for (this makes sense of course, and explaining probably won't really help anyone, but it's an implementation detail that is not clear). So, the thing that would be most useful is if the user could still download an omni.bundle... (instead of just the PEM which is harder to work with in tools). We can probably tweak the geni-lib bundle creator to work with just the PEM, but if they could download a bundle that would just be easier. |
I think you should be able to see the general portal interface, and see your projects and such, without authorizing the portal to act as you. If I give the portal a CSR and it signs that, I can still use the portal (even though it can't act as me), but if I allow the portal to generate my keys and then don't authorize it to act as me, I can't access the portal at all.
The text was updated successfully, but these errors were encountered: