[OTDev] AA status
Andreas Maunz andreas at maunz.de
Mon Jul 19 10:59:17 CEST 2010
Luchesar V. ILIEV wrote on 07/19/2010 10:53 AM:
> Therefore, I'd like to ask for your opinion: is there a need to place
> the protection at component level such that would outweigh the
> additional technical burden. In fact, there's extra burden if we
> protect at the root as well, because we need to have a mechanism to
> "reroute" queries for specific components to the root policy.

As Luchesar pointed out, we suggest to protect resources for compound datasets only, e.g. datasets, models, validations. Otherwise, since everything is exposed as resource URI, in the most extreme case one could also register single feature values, such as 'true' or 'false'.

On another note, I have now implemented DNS checking. The policy webservice accepts now only policies where the IPs of the resources match the IP of the client webservice. The idea is to prohibit registering resources from any computer, which is a security issue, as discussed earlier on this list.

Specifically, for any policy p submitted by client c, for any resource r contained in p, it is enforced that URI(r) = URI(c). Thus, resources must always be identified by a FQDN or directly via IPs with one exception: You may use 'localhost', e.g. for testing.

Please tell me if this fits your needs/requirements or if it presents a problem for you.

Best regards
Andreas
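
The DNS check described in the message above, sketched as an added example; it is not part of the original message and not the OpenTox policy service's code. The function names, the injectable resolver, the constructed DNS table, and the rule that a host passes when the client IP is among its resolved addresses are all assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS data for offline runs (documentation-range addresses).
CONSTRUCTED_DNS = {
    "models.example.org": {"192.0.2.10"},
    "other.example.net": {"198.51.100.7"},
}

def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror("unknown host: " + host)
    return CONSTRUCTED_DNS[host]

def system_resolver(host):
    """Resolve host through the system resolver (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def rejected_resources(resource_uris, client_ip, resolve=system_resolver):
    """Return (uri, reason) for each resource that fails the IP check."""
    client = ipaddress.ip_address(client_ip)
    rejected = []
    for uri in resource_uris:
        try:
            host = urlsplit(uri).hostname
        except ValueError:
            host = None
        if not host:
            rejected.append((uri, "no host in URI"))
            continue
        if host == "localhost":  # the exception allowed for testing
            continue
        try:
            addrs = {ipaddress.ip_address(host)}  # host is an IP literal
        except ValueError:
            try:
                addrs = {ipaddress.ip_address(a) for a in resolve(host)}
            except (OSError, ValueError):
                # Fail closed: an unresolvable host cannot be verified.
                rejected.append((uri, "host does not resolve"))
                continue
        if client not in addrs:
            rejected.append((uri, "host does not resolve to client IP"))
    return rejected
```

A policy would be accepted only when `rejected_resources` returns an empty list for the IP the submitting client connected from.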