== Security ==

Access to the local datastore is restricted through the use of certificates enabling an SSL connection. When a new request comes in, the following occurs:

* Make sure the SSL certificate is signed by a GENI trust anchor. The local datastore webserver is configured to do this check.
* The certificate is passed along to the application which parses out the URN.
* Last, the URN is checked to see if it is on the whitelist (those with permission to access operational data).
* The polling is answered as outlined above on this page.

The whitelist can be maintained centrally and the local datastores can poll to update their whitelist (infrequently).
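
The URN parsing, whitelist check and whitelist refresh described above, as an added example (not the datastore's own code). It assumes the webserver has already verified the chain and that the certificate reaches the application as the dict returned by Python's `ssl.SSLSocket.getpeercert()`, with the URN in a subjectAltName URI entry; the function names and sample URNs are hypothetical.

```python
# Added example: URN extraction and whitelist check for a verified client cert.
# Assumption: the certificate arrives as the dict returned by Python's
# ssl.SSLSocket.getpeercert(), with the URN in a subjectAltName URI entry.
import re

# GENI-style URN: urn:publicid:IDN+<authority>+<type>+<name>
URN_RE = re.compile(r"urn:publicid:IDN\+[^+\s]+\+[^+\s]+\+[^+\s]+")


def extract_urn(peercert):
    """Return the single publicid URN in the certificate, or None."""
    urns = [value for kind, value in peercert.get("subjectAltName", ())
            if kind == "URI" and value.startswith("urn:publicid:")]
    # Fail closed: zero URNs or several URNs means the caller cannot be named.
    if len(urns) != 1 or not URN_RE.fullmatch(urns[0]):
        return None
    return urns[0]


def is_authorized(peercert, whitelist):
    """Exact-match the caller's URN against the whitelist (no prefix matching)."""
    urn = extract_urn(peercert)
    return urn is not None and urn in whitelist


def refresh_whitelist(current, fetched_lines):
    """Swap in a polled whitelist; keep the current one if the poll is unusable."""
    entries = {line.strip() for line in fetched_lines if line.strip()}
    if not entries or not all(URN_RE.fullmatch(e) for e in entries):
        return current  # reject an empty or corrupted update wholesale
    return frozenset(entries)


# Constructed sample data (not real GENI identities).
WHITELIST = frozenset({"urn:publicid:IDN+example.net+user+monitor1"})
ALLOWED = {"subjectAltName": (
    ("URI", "urn:publicid:IDN+example.net+user+monitor1"),
    ("URI", "urn:uuid:00000000-0000-0000-0000-000000000001"))}
LOOKALIKE = {"subjectAltName": (
    ("URI", "urn:publicid:IDN+example.net+user+monitor10"),)}
NO_URN = {"subjectAltName": (("email", "monitor1@example.net"),)}

if __name__ == "__main__":
    for name, cert in [("allowed", ALLOWED), ("lookalike", LOOKALIKE),
                       ("no_urn", NO_URN)]:
        print(name, is_authorized(cert, WHITELIST))
```

Keeping the previous whitelist when a poll returns nothing usable means a failed update from the central source neither locks out existing pollers nor grants access to new ones.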