[saga-rg] security info in streams...

John Shalf jshalf at lbl.gov
Thu Jun 23 07:42:01 CDT 2005


That sounds reasonable to me.

My only concern (a minor concern) is that the underlying security 
information is actually different than the kind of information that is 
stored locally.  (e.g. it's going to be a credential rather than a 
public/private key pair).  So the way that we interact with the two 
kinds of security contexts is compatible (it's reasonably represented as 
a list of key-value pairs), but the underlying object or information 
may in fact be different.

-john

On Jun 23, 2005, at 5:18 AM, Andre Merzky wrote:
> Hi All, John,
>
> the streams interface has a security info object, which
> allows to get information about the 'other' side of the
> stream.
>
> That overlaps somewhat with the context we intend to use to
> specify/query security information.  Also, they are very
> similar: both are extending the attributes interface, and
> specify a set of attributes to be supported.
>
> I'd like to propose to merge both, and use a read only
> context for security info in the stream interface.  It makes
> sense to have dedicated GetXXX methods I think, for those
> attributes which are required.
>
> What do you think?
>
> Cheers. Andre.
>
>
> PS.: I know it's summer, so you are probably all too lazy to
> dig through the doc for this :-)  Here are the context and
> the security info:
>
>  SecurityInfo:
>
>     interface SecurityInfo extends-all SAGA.Attribute {
>       /* These methods are shortcuts for typical
>        * information that would be used to
>        * make authorization decisions based on
>        * connection information.  However, the
>        * validity of the information is
>        * dependent on the security model implementation.
>        * Typically, the information is stored using
>        * the SAGA.Attribute interface.  The data
>        * returned by the sample methods below are
>        * also available via the Attribute interface.
>        */
>       void getSourceUserName   (out string name);
>       void getSourceDN         (out string DN);
>       void getSourceHost       (out string hostname);
>       void getSourcePort       (out int    port);
>     }
>
>  Context:
>
>     enum contextType {
>       X509            = 0,
>       SSH             = 1,
>       Kerberos        = 2,
>       UserPass        = 3
>     };
>
>     interface Context extends-all SAGA.Attribute {
>
>       constructor (in  contextType type);
>       getType     (out contextType type);
>
>     }
>
>
> -- 
> +-----------------------------------------------------------------+
> | Andre Merzky                      | phon: +31 - 20 - 598 - 7759 |
> | Vrije Universiteit Amsterdam (VU) | fax : +31 - 20 - 598 - 7653 |
> | Dept. of Computer Science         | mail: merzky at cs.vu.nl       |
> | De Boelelaan 1083a                | www:  http://www.merzky.net |
> | 1081 HV Amsterdam, Netherlands    |                             |
> +-----------------------------------------------------------------+
>
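The merge proposed in this thread, sketched as an added example (not code from either poster or from the SAGA specification): the stream's peer information becomes a read-only Context whose dedicated getters are backed by the same key-value attributes. The class name PeerContext, the Python method names, the attribute keys and the sample values are assumptions made for illustration.

```python
from enum import Enum
from types import MappingProxyType

# Values copied from the contextType enum quoted above.
ContextType = Enum("ContextType", {"X509": 0, "SSH": 1, "Kerberos": 2, "UserPass": 3})

class Context:
    """Local security context: a typed, writable set of key-value attributes."""

    def __init__(self, ctype):
        self._type = ctype
        self._attrs = {}

    def get_type(self):
        return self._type

    def set_attribute(self, key, value):
        self._attrs[key] = str(value)

    def get_attribute(self, key):
        return self._attrs[key]

class PeerContext(Context):
    """Read-only context describing the other side of a stream (hypothetical name)."""

    REQUIRED = ("SourceUserName", "SourceDN", "SourceHost", "SourcePort")  # assumed keys

    def __init__(self, ctype, attrs):
        missing = [k for k in self.REQUIRED if k not in attrs]
        if missing:
            raise ValueError("missing required attributes: " + ", ".join(missing))
        super().__init__(ctype)
        # Freeze the attributes: callers can query them but never rewrite them.
        self._attrs = MappingProxyType({k: str(v) for k, v in attrs.items()})

    def set_attribute(self, key, value):
        raise PermissionError("peer security info is read-only")

    # Dedicated getters for required attributes, backed by the attribute store.
    def get_source_dn(self):
        return self.get_attribute("SourceDN")

    def get_source_port(self):
        return int(self.get_attribute("SourcePort"))

# Constructed sample: what a stream might report about its peer (not real data).
SAMPLE_PEER = PeerContext(ContextType.X509, {
    "SourceUserName": "alice", "SourceDN": "/O=Example/CN=Alice",
    "SourceHost": "peer.example.org", "SourcePort": 2811})
```
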




