Changes between Version 7 and Version 8 of IMF-GEC13-QSR
Timestamp: 04/01/12 19:14:01 (12 years ago)
IMF-GEC13-QSR
v7 v8 63 63 When a client attempt to initiate a secure connection to it, the IMF Messaging Service expects that client to produce a certificate which is signed by the GENI CA. If not, the connection is refused. We call this ''entity authentication''. 64 64 65 Having successfully connected to the IMF Messaging Service, a client would attempt to either publish to a topic (node), or subscribe to it. The IMF Messaging Server expects credentials to find previously stored credentials for the authenticated entity corresponding to each such action (" can-publish" and "can-subscibe" credentials). Otherwise these actions are refused. Credentials can be stored by the creator of the topic. We call this credential verification''authorization''.65 Having successfully connected to the IMF Messaging Service, a client would attempt to either publish to a topic (node), or subscribe to it. The IMF Messaging Server expects credentials to find previously stored credentials for the authenticated entity corresponding to each such action ("pub_<topic>" and "sub_<topic>" credentials). Otherwise these actions are refused. Credentials are stored in a location known to the IMF Messaging Service. We refer to this process of credential verification as ''authorization''. 66 66 67 67 Both certificates and credentials can be created by the '''gcf''' tool, which has been extended for the purpose. 68 68 69 In order to make this work, the JIDs of clients have to match the arbitrary generated credentials. Thus in this view, the JIDs of the clients are not meant to have significance to humans, whereas the topic names are.69 In order to make this work, the JIDs of clients have to match the prefix of the filename storing the arbitrary generated credentials. Thus in this view, the JIDs of the clients are not meant to have significance to humans, whereas the topic names are. 
70 70 71 71 === "Empty" Sample Client to IMF Messaging Service === … … 128 128 * [attachment:some_name.zip Download zip file] 129 129 * [attachment:XMPPAuthCred-IMF.docx Detailed documentation] 130 * Also see the complementary (and background) information at: 131 * [https://geni-imf.renci.org/trac/wiki/Openfire Openfire Server SSL configuration with SASL External authentication for clients using certificates] 132 * [https://geni-imf.renci.org/trac/wiki/Credentials-certificates Creating GENI certificates and credentials using OMNI/gcf tool for use with pubsub] 130 133 131 134 === "Empty" Sample Client to IMF Messaging Service === 132 135 133 136 * [attachment:some_name.zip Download zip file] 134 * [attachment:some_other_name.docx Detailed documentation]137 * See documentation for IMF Messaging Service above 135 138 136 139 === OMF EC and RC using IMF Messaging Service ===
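
Review bot: The rewritten line 65 still reads "expects credentials to find previously stored credentials", which does not parse; it presumably should read "expects to find previously stored credentials". The same line replaces "Credentials can be stored by the creator of the topic" with "Credentials are stored in a location known to the IMF Messaging Service", which no longer says who is allowed to place credentials there. Since the publish/subscribe decision rests on those stored credentials, the text should state who can write to that location. Line 69 now ties the JID to "the prefix of the filename" but never gives the filename layout or how it combines with the "pub_<topic>" and "sub_<topic>" names from line 65; spelling out the pattern would make the matching rule checkable. Lines 63 and 65 also alternate between "IMF Messaging Service" and "IMF Messaging Server"; pick one.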
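
Review bot: The download links at v8 lines 128 and 136 both still point to the placeholder "attachment:some_name.zip", so the IMF Messaging Service section and the "Empty" Sample Client section reference the same, apparently unnamed, archive; replace them with the real attachment names before publishing. The new line 137, "See documentation for IMF Messaging Service above", would be easier to follow as a link to that section or directly to XMPPAuthCred-IMF.docx, since "above" depends on page layout. For the two links added at lines 131 and 132, a short note on which one a reader needs first (server SSL/SASL External setup versus creating certificates and credentials with OMNI/gcf) would help.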