jarl van katwijk wrote: > > > Hmmm. So, DL do authorization, but the connection between remote DL's and the > > local BL is direct? > > Direct? a DL must authenticate to the BL if this is what you want to hear (?). Okay. > > I'm not sure I understand why group is BL level and user is DL level. > > group : a BL allows ALL nodes\subnets(?\commands?) from a DL once it's logged in. > user: a DL grants another DL only partical access to the node space it has inside the > BL > > So a DL can only grant access to its own nodes, a BL grants all-or-nothing to the > nodes. This is happening when the UI is closed and the nodes it has created are still > active. I understand. But I think 'user' and 'group' might be confusing to Unix people. > > And, why would you have a group password? The reason Unix doesn't have group > > passwords is because everyone must log in as a user anyway. Are you saying > > someone can have group access without logging in as a user? > > > > Yes, I think we should see the 'group' as the main authorisation 'level', the 'USER > level' is more detaillistic, it's only a part of the regulair used access, only a > subset. > > I'm not to happy about the naming, you can see why. :-) Yes, we should work on some better names for those two. > > > We should therefor deside if it can be possible for a DL to login to another DL > > > and to a BL at the same time. I didn't though about the consequences yet.. > > > > You mean in addition to logging into the root DL? > > No, as this situation : > > - DL1 is logged into BL1 > - DL2 is logged into BL1 > - DL2 also is logged into DL1, so it's able to use some of DL1's nodes. > > This would make it possible for DL2 to combine it's nodes to DL1's nodes. > This situation just makes me expect security holes.. i'm not sure yet. Hmmmm. I see. It's an interesting idea. I think it adds an extra dimension to the application, but it MAY add some security problems, as you say. Jeff -- +----------------------------------+ | J.W. Bizzaro | | | | http://bioinformatics.org/~jeff/ | | | | BIOINFORMATICS.ORG | | The Open Lab | | | | http://bioinformatics.org/ | +----------------------------------+