Opened 11 years ago
Last modified 11 years ago
#1025 assigned
Require some form of authentication?
Reported by: | Aaron Helsinger | Owned by: | xyang@maxgigapop.net |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | MAXSCS | Version: | SPIRAL5 |
Keywords: | Cc: | xyang@maxgigapop.net | |
Dependencies: |
Description
Should the Stitching service require authentication with a GENI certificate?
Since the SCS effectively exposes Ad RSpecs, which are currently only available given a valid certificate and user credential from aggregates, it seems the SCS should at least require client authentication with SSL certificates.
Change History (2)
comment:1 Changed 11 years ago by
Owner: | changed from tlehman@maxgigapop.net to xyang@maxgigapop.net |
---|---|
Status: | new → assigned |
comment:2 Changed 11 years ago by
Yes, I think SCS access would be limited to people with a valid GENI certificate.
I assume the SCS would trust
- GENI Clearinghouse
- pgeni.gpolab
- planetlab
- PG Utah
Note: See
TracTickets for help on using
tickets.
We can do this outside of SCS code by using a SSL wrapper program, say stunnel.
We can then supply SCS server side SSL and also SSL based client authentication.
Question is: who should SCS trust? Do we require any client using SCS to obtain an SSL cert signed by some GENI CA?