[Nsi-wg] Issue 41 in ogf-nsi-project: Do we replace the replyTo field with a topology/NSA configuration lookup?
ogf-nsi-project at googlecode.com
ogf-nsi-project at googlecode.com
Fri Oct 7 07:08:57 CDT 2011
Comment #7 on issue 41 by thost... at gmail.com: Do we replace the replyTo
field with a topology/NSA configuration lookup?
http://code.google.com/p/ogf-nsi-project/issues/detail?id=41
I agree that the requesterNSA cannot be used for any authN / authZ. The MTL
/ protocol layer can provide a set of attributes, e.g., IP, certificate
identity, etc. These can then be used for authorization. We cannot really
use anything in the message for authN / authZ.
I also have hard time seeing what we actually need the requeserNSA and
providerNSA field for. They seem descriptive / informational to me.
In general, the protocol seems to be designed around the assumption that
theere is a more or less static set of NSI agents, which only communicates
with each other. This is assumption is starting to fall apart as we are
starting to use the protocol. There will be clients for querying (e.g., the
visualization tool), and it is likely that there will be some short-lived
clients requesting connections. There will probably be more. An NSI agent
will not always be communicating with another NSI agent.
More information about the nsi-wg
mailing list