Changes between Version 7 and Version 8 of IMF-GEC13-QSR


Timestamp:
04/01/12 19:14:01 (7 years ago)
Author:
Rudra Dutta
Comment:

--

  • IMF-GEC13-QSR

    v7 v8  
    6363When a client attempt to initiate a secure connection to it, the IMF Messaging Service expects that client to produce a certificate which is signed by the GENI CA.  If not, the connection is refused.  We call this ''entity authentication''.
    6464
    65 Having successfully connected to the IMF Messaging Service, a client would attempt to either publish to a topic (node), or subscribe to it.  The IMF Messaging Server expects credentials to find previously stored credentials for the authenticated entity corresponding to each such action ("can-publish" and "can-subscibe" credentials).  Otherwise these actions are refused.  Credentials can be stored by the creator of the topic.  We call this credential verification ''authorization''.
     65Having successfully connected to the IMF Messaging Service, a client would attempt to either publish to a topic (node), or subscribe to it.  The IMF Messaging Server expects credentials to find previously stored credentials for the authenticated entity corresponding to each such action ("pub_<topic>" and "sub_<topic>" credentials).  Otherwise these actions are refused. Credentials are stored in a location known to the IMF Messaging Service.  We refer to this process of credential verification as ''authorization''.
    6666
    6767Both certificates and credentials can be created by the '''gcf''' tool, which has been extended for the purpose.
    6868
    69 In order to make this work, the JIDs of clients have to match the arbitrary generated credentials.  Thus in this view, the JIDs of the clients are not meant to have significance to humans, whereas the topic names are.
     69In order to make this work, the JIDs of clients have to match the prefix of the filename storing the arbitrary generated credentials.  Thus in this view, the JIDs of the clients are not meant to have significance to humans, whereas the topic names are.
    7070
    7171=== "Empty" Sample Client to IMF Messaging Service ===
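Review bot: New line 69 makes authorization depend on the JID matching "the prefix of the filename" that stores a credential, but neither line 65 nor line 69 gives the full filename layout, that is, how the JID prefix is separated from the "pub_<topic>" / "sub_<topic>" part. Without that, a reader cannot tell whether the match is on the whole JID up to a fixed separator or on any leading substring, so the exact pattern and the matching rule should be stated. Line 65 also drops the v7 sentence saying the topic creator stores credentials, and the replacement ("a location known to the IMF Messaging Service") no longer says who may write there. The same line carries over the garbled "expects credentials to find previously stored credentials", which presumably should read "expects to find previously stored credentials", and it still says "IMF Messaging Server" where the rest of the text says "IMF Messaging Service".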
     
    128128 * [attachment:some_name.zip Download zip file]
    129129 * [attachment:XMPPAuthCred-IMF.docx Detailed documentation]
     130 * Also see the complementary (and background) information at:
     131  * [https://geni-imf.renci.org/trac/wiki/Openfire Openfire Server SSL configuration with SASL External authentication for clients using certificates]
     132  * [https://geni-imf.renci.org/trac/wiki/Credentials-certificates Creating GENI certificates and credentials using OMNI/gcf tool for use with pubsub]
    130133
    131134=== "Empty" Sample Client to IMF Messaging Service ===
    132135
    133136 * [attachment:some_name.zip Download zip file]
    134  * [attachment:some_other_name.docx Detailed documentation]
     137 * See documentation for IMF Messaging Service above
    135138
    136139=== OMF EC and RC using IMF Messaging Service ===
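Review bot: Line 137 replaces a direct attachment link with "See documentation for IMF Messaging Service above", a positional reference that stops working if the sections are reordered or the page is split; suggest repeating [attachment:XMPPAuthCred-IMF.docx Detailed documentation] there instead. Lines 128 and 136 both still link some_name.zip, which reads like a placeholder and points two different sections at the same archive, so the real file name for each download should be filled in.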