[Pipet Devel] Re: Security model

J.W. Bizzaro bizzaro at geoserve.net
Fri Apr 7 19:33:44 EDT 2000 

Brad Chapman wrote:
> 
> > (note: the transported data will be encrypted with the DL password
> as key.)
> 
> Man, Jarl, you are awesome! This just helped me figure out a problem I
> was having with secure password storage in the dl. Thanks!

What sort of encryption are we talking about?

> > OK, so this means will will have a system that is like the unix
> > user\group system, only groups have passwords too in VSH!
> 
> This sounds like a good plan to me. Jeff, does this jive with your
> security ideas?

I just have that one question about group passwords.  Will users be able to
log in to a group without logging in as a user?

> > No, they have access to the nodes created with THEIR DLid.
> > And yes, this makes it possible to have multiple logins on the same
> DLid.
> > To get access to another DL's nodes, use login 'level' (?)
> 
> Okay, I think I understand your point, although I'm not sure what you
> mean by login level...

I think he means the user is granted a higher level of access, being able to
tap into other DL's...directly?  Doesn't BL->BL communication occur as
BL->DL->Internet->DL->BL?  Then, what will BL->DL->Internet->DL->DL->BL
provide, other than additional access?

> This makes my head hurt :-) I think we should keep it simple for the
> time being. I think the only idea about of one dl being able to log
> into another was so one dl could control the other (ie. you could
> control the gnome gui display using the (not yet developed) speech
> recognition user interface. Am I right on this Jeff, or did you have
> bigger ideas of two dls connecting?

Okay, now I'm confused.  I thought we were going to have multiple fronts for
each DL.  Or are you talking about one front per DL?

For Loci, I was planning on the multiple fronts being all local to the middle.

> > Maybe this new field of the uriS will make this possible?
> > so it will be like this (simplyfied):
> > struct uriS {
> >    long instaceID;
> >    long groupID; //aint the same as the unix 'group' !!
> >    long subnetID;
> >    long nodeID;
> > };
> >
> > Giving any lead?
> 
> Okay, so a group is "smaller" than a instanceID, and groups subnets
> and nodes and not users. Am I following you correctly?

Can we get a clear definition of a 'group' then?

Jeff
-- 
                      +----------------------------------+
                      |           J.W. Bizzaro           |
                      |                                  |
                      | http://bioinformatics.org/~jeff/ |
                      |                                  |
                      |        BIOINFORMATICS.ORG        |
                      |           The Open Lab           |
                      |                                  |
                      |    http://bioinformatics.org/    |
                      +----------------------------------+

More information about the Pipet-Devel mailing list