[Pipet Devel] Re: Security model

J.W. Bizzaro bizzaro at geoserve.net
Fri Apr 7 19:23:07 EDT 2000


jarl van katwijk wrote:
> 
> The only problem with remote DL's is that the (local) root DL must know about
> that remote one in order to authoritized it.

Hmmm.  So, DL do authorization, but the connection between remote DL's and the
local BL is direct?

> OK, so this means will will have a system that is like the unix user\group
> system,
> only groups have passwords too in VSH!
> 
> group    ~~ BL level (DL id  & DL password give access to whole set of subnets
> and nodes that are childs of that DL)
> user       ~~ DL level (??? id & ??? password give access to subset of the
> subnets and nodes that are childs of that DL)

I'm not sure I understand why group is BL level and user is DL level.

And, why would you have a group password?  The reason Unix doesn't have group
passwords is because everyone must log in as a user anyway.  Are you saying
someone can have group access without logging in as a user?

> Yeppo!
> The root DL will only be there to grant others access and do some very-very-very
> basic subnet processing.
> The most work will spawn out of other DL's.

Okay...I think I understand.

> No, they have access to the nodes created with THEIR DLid.
> And yes, this makes it possible to have multiple logins on the same DLid.
> To get access to another DL's nodes, use login 'level' (?)  2.
> We should therefor deside if it can be possible for a DL to login to another  DL
> and to a BL at the same time. I didn't though about the consequences yet..

You mean in addition to logging into the root DL?

Cheers.
Jeff
-- 
                      +----------------------------------+
                      |           J.W. Bizzaro           |
                      |                                  |
                      | http://bioinformatics.org/~jeff/ |
                      |                                  |
                      |        BIOINFORMATICS.ORG        |
                      |           The Open Lab           |
                      |                                  |
                      |    http://bioinformatics.org/    |
                      +----------------------------------+




More information about the Pipet-Devel mailing list