[Pipet Devel] VSH Security model

J.W. Bizzaro bizzaro at geoserve.net
Mon Apr 10 20:32:51 EDT 2000


jarl van katwijk wrote:
> 
>         2) DL, Definition layer, coordination engine for scheduling UI's and
>                 partial sharing of structure data. Logs into the BL.
>         3) BL, Bropkering layer, engine for handling subnets, authentication of
>                 DL's and parsing to the PL. Wraps application plugins.
>         4) PL, Processing layer, holds the nodes, wraps (terminal?) applications
>                 and performs nodes processing.

What actually holds the 'structure data' and manages the direct manipulation
of it?


>         Layers communications:
>         1) UI<->DL communication will go by sockets

For now :-)

>         Authentication system:
>         0) Localhost has running VSH core, cq a BL\PL process.
>         1) UI's spawn a new DL.
>         2) DL's login to BL by their dlID and blPassword.
>         2a) The 1st DL loggin into a BL becomes the root DL and has the ability
>                 to authorize other DL's to log into the BL. (AddDL();)
>         2b) All subnets created by a DL are marked by the idDL and have the same
>                 login ability (or: idDL+blPassword) as their parent. Subnets can
>                 therefor be relocated or mirrored inside a remote BL\PL process.
>         3) DL's can login to other DL's by dlID and dlPassword. Note dlPassword
>                 is NOT blPassword. These are 2 seperate id+password tables.

I can see a problem or conflict with the filesystem proposal here.  A change
made to a network by a second user, during the time when the first user is
working on the network (and has not saved his changes), is a Bad Thing.

I proposed that the whole volume or network be locked by the first user who
mounts it.  This is what all multi-user OSes do to an extent (maybe files are
locked rather than whole volumes).  And I see it as the simplest way to
prevent the problem.  But it means you just can't have DL's share a network.

Jeff
-- 
                      +----------------------------------+
                      |           J.W. Bizzaro           |
                      |                                  |
                      | http://bioinformatics.org/~jeff/ |
                      |                                  |
                      |        BIOINFORMATICS.ORG        |
                      |           The Open Lab           |
                      |                                  |
                      |    http://bioinformatics.org/    |
                      +----------------------------------+




More information about the Pipet-Devel mailing list