Web Profile and security

Doug Tody dtody at nrao.edu
Wed Dec 15 09:27:28 PST 2010


It would be good to have an HTTPS capability as an option, so long as
open HTTP remains available as the default.  Probably the concerns
can only be fully answered by prototyping, which in this case will
be needed long before any of this could be considered to be added to
the standard.   - Doug


On Wed, 15 Dec 2010, Mark Taylor wrote:

> Hi all,
>
> following my Web Profile presentation at the Interop, I chatted to
> Ray Plante a bit about security.  He thinks that it would be a good
> idea for the hub to pay attention to signed certificates.
> In this scenario, the hub has a certificate bundle
> and accepts HTTPS requests as well as HTTP ones
> (on a separate well-known port?).  When a request to register
> is received and the hub asks the user for confirmation
> (via a popup or whatever), then the hub should make clear
> to the user whether the request was signed, and
> whether the CA is from its trusted certificate bundle or not.
> It should perhaps issue to the user an extra-scary warning for
> clients which cannot be authenticated as from a trusted source.
> This gives the user a better idea about whether to trust the
> registering tool/page with the user privileges entailed by SAMP
> registration.
>
> A given hub implementation would need to get its certificate bundle
> from somewhere; putting an IVOA-approved bundle together sounds like
> a job for GWS (maybe they already have one?)
>
> This sounds reasonable to me in principle.  However, I'm very
> ill-informed about certificates and security in general, so my
> understanding of the issues is pretty sketchy - quite possibly there
> are howlers in the above summary which show off my ignorance.
>
> Questions which occur to me:
>
>  - how much harder does this make hub implementation?
>
>  - how hard is it for client authors to make HTTPS requests
>       in the various target languages (JavaScript et al.)?
>
>  - will there be performance issues?  cryptography can be slow,
>       and often SAMP involves a lot of short messages
>
>  - do the three sandbox-busting technologies currently proposed by
>       the Web Profile work with HTTPS?  (I think the answer is yes,
>       but I wouldn't bet on it).
>
> There are probably other questions too.
>
> Can anybody comment on whether they think this idea is sensible
> and/or necessary and/or practicable, or add anything else they
> think is relevant?  I believe that Luigi already uses https
> connections with SAMPy, so his perspective will be particularly
> valuable.
>
> Mark
>
> --
> Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
> m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
>
