Opened 6 years ago

Last modified 6 years ago

#1025 assigned

Require some form of authentication?

Reported by: Aaron Helsinger Owned by: xyang@maxgigapop.net
Priority: major Milestone:
Component: MAXSCS Version: SPIRAL5
Keywords: Cc: xyang@maxgigapop.net
Dependencies:

Description

Should the Stitching service require authentication with a GENI certificate?

Since the SCS effectively exposes Ad RSpecs, which are currently only available given a valid certificate and user credential from aggregates, it seems the SCS should at least require client authentication with SSL certificates.

Change History (2)

comment:1 Changed 6 years ago by xyang@maxgigapop.net

Owner: changed from tlehman@maxgigapop.net to xyang@maxgigapop.net
Status: newassigned

We can do this outside of SCS code by using a SSL wrapper program, say stunnel.

We can then supply SCS server side SSL and also SSL based client authentication.

Question is: who should SCS trust? Do we require any client using SCS to obtain an SSL cert signed by some GENI CA?

comment:2 Changed 6 years ago by Aaron Helsinger

Yes, I think SCS access would be limited to people with a valid GENI certificate.

I assume the SCS would trust

  • GENI Clearinghouse
  • pgeni.gpolab
  • planetlab
  • PG Utah
Note: See TracTickets for help on using tickets.