[Pipet Devel] Re: Security model

[jarl van katwijk]

> >
> > The only problem with remote DL's is that the (local) root DL must know about
> > that remote one in order to authoritized it.
>
> Hmmm.  So, DL do authorization, but the connection between remote DL's and the
> local BL is direct?
>

Direct? a DL must authenticate to the BL if this is what you want to hear (?).

>
> I'm not sure I understand why group is BL level and user is DL level.

group : a BL allows ALL nodes\subnets(?\commands?) from a DL once it's logged in.
user: a DL grants another DL only partical access to the node space it has inside the
BL

So a DL can only grant access to its own nodes, a BL grants all-or-nothing to the
nodes.
This is happening when the UI is closed and the nodes it has created are still
active.

>
> And, why would you have a group password?  The reason Unix doesn't have group
> passwords is because everyone must log in as a user anyway.  Are you saying
> someone can have group access without logging in as a user?
>

Yes, I think we should see the 'group' as the main authorisation 'level', the 'USER
level'
is more detaillistic, it's only a part of the regulair used access, only a subset.

I'm not to happy about the naming, you can see why.

> > We should therefor deside if it can be possible for a DL to login to another  DL
> > and to a BL at the same time. I didn't though about the consequences yet..
>
> You mean in addition to logging into the root DL?

No, as this situation :

- DL1 is logged into BL1
- DL2 is logged into BL1
- DL2 also is logged into DL1, so it's able to use some of DL1's nodes.

This would make it possible for DL2 to combine it's nodes to DL1's nodes.
This situation just makes me expect security holes.. i'm not sure yet.

jarl