[Pipet Devel] VSH Security model

jarl van katwijk jarl at casema.net
Mon Apr 10 01:26:49 EDT 2000


Hi all,

I made a start writing down the security model vsh will get,
it's not complete yet, so please read it and comment on it,
I'll work some more on it later today.

bye,
jarl
-------------- next part --------------
	VSH Security model
	9-4-2000

	Changelog:
	10-4-2000: Jarl van Katwijk, 1st draft text
	------------------

	Definitions:
	1) VSH is implemented by 4 layers,
	2) LAYERS are considered isolated besides the communication api,
	3) NODES are the neurons making up subnets and complete structures,
	4) SUBNETS are sets of nodes that are clustered for some reason,
	
	Layers description:
	1) UI, User Interface layer, graphical user front end or batch script.
	2) DL, Definition layer, coordination engine for scheduling UI's and 
		partial sharing of structure data. Logs into the BL.
	3) BL, Brokering layer, engine for handling subnets, authentication of
		DL's and parsing to the PL. Wraps application plugins.
	4) PL, Processing layer, holds the nodes, wraps (terminal?) applications
		and performs nodes processing.

	Layers communications:
	1) UI<->DL communication will go by sockets
	2) DL ->BL communication will go through the dl2bl corba orb
	3) BL ->DL communication will go through the bl2dl corba orb
	4) BL<->PL communication will go by linking the PL libraries

	Authentication system:
	0) Localhost has running VSH core, cq a BL\PL process.
	1) UI's spawn a new DL.
	2) DL's login to BL by their dlID and blPassword.
	2a) The 1st DL logging into a BL becomes the root DL and has the ability
		to authorize other DL's to log into the BL. (AddDL();)
	2b) All subnets created by a DL are marked by the idDL and have the same 
		login ability (or: idDL+blPassword) as their parent. Subnets can
		therefore be relocated or mirrored inside a remote BL\PL process.
	3) DL's can login to other DL's by dlID and dlPassword. Note dlPassword
		is NOT blPassword. These are 2 separate id+password tables.
	3a) A DL can only interact\mutate its 'own' nodes
	3b) A DL which is logged into another DL can interact & mutate all nodes
		of the host DL.
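
Rules 2 through 3b of the draft above, modelled as an added example (not part of the original post or of the VSH code). The class and method names are hypothetical, and two points the draft leaves open are filled in as assumptions: the first DL to log in enrolls its own credentials, and a DL-to-DL login is checked against the host DL's dlID and dlPassword.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Table:
    """One id+password table; passwords are stored salted and hashed."""
    def __init__(self):
        self.rows = {}
    def add(self, ident, password):
        salt = os.urandom(16)
        self.rows[ident] = (salt, _kdf(password, salt))
    def check(self, ident, password):
        # Unknown ids still run the KDF, then fail the constant-time compare.
        salt, stored = self.rows.get(ident, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, _kdf(password, salt))

class BL:
    def __init__(self):
        self.bl_table, self.dl_table = Table(), Table()  # rule 3: two separate tables
        self.root, self.sessions = None, set()
        self.guests, self.owner = {}, {}  # host -> guests; node -> idDL (rule 2b)

    def login_bl(self, dl_id, bl_password):              # rule 2
        if self.root is None:  # ASSUMPTION: the first login enrolls itself (rule 2a)
            self.bl_table.add(dl_id, bl_password)
            self.root = dl_id
        ok = self.bl_table.check(dl_id, bl_password)
        if ok:
            self.sessions.add(dl_id)
        return ok

    def add_dl(self, caller, dl_id, bl_password, dl_password):  # AddDL(), rule 2a
        if caller != self.root or caller not in self.sessions:
            raise PermissionError("only the logged-in root DL may authorize DLs")
        self.bl_table.add(dl_id, bl_password)
        self.dl_table.add(dl_id, dl_password)

    def login_dl(self, guest, host, dl_password):        # rule 3 (host's table row)
        ok = guest in self.sessions and self.dl_table.check(host, dl_password)
        if ok:
            self.guests.setdefault(host, set()).add(guest)
        return ok

    def create_node(self, dl_id, node):
        if dl_id not in self.sessions:
            raise PermissionError("DL is not logged into the BL")
        self.owner[node] = dl_id

    def can_mutate(self, dl_id, node):                   # rules 3a and 3b
        owner = self.owner.get(node)
        if owner is None or dl_id not in self.sessions:
            return False
        return dl_id == owner or dl_id in self.guests.get(owner, set())
```

Because the root role goes to whichever DL logs in first, a deployment following this model would want the BL unreachable by other parties until that first login has happened.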


