CDP question
Patrick Dowler
patrick.dowler at nrc-cnrc.gc.ca
Wed Dec 8 23:13:22 PST 2010
In CDP there is a recommendation to use some sort of hash as the (obscure) key
to the created delegation rather than the DN. Doing so presumably means that a
user always gets the same value but other people can't snoop and see who is
using the service... Is a client supposed to be able to know (aside from
storing the value) the path so they could check if they have an existing valid
proxy certificate set up already?
It would be nice if a client could somehow find or list their own delegations.
Would they do that by doing an authenticated GET of the delegations list and
only finding their own (single?) delegation in the list? (e.g. the service
filters by owner)
I know the hash doesn't give any real security so the service has to protect
the proxy certificate+key via proper authentication and authorization. Is this
just a privacy issue? That seems relevant and we have considered privacy
issues w.r.t. users seeing what other users are up to in other contexts.
--
Patrick Dowler
Tel/Tél: (250) 363-0044
Canadian Astronomy Data Centre
National Research Council Canada
5071 West Saanich Road
Victoria, BC V9E 2M7
Centre canadien de donnees astronomiques
Conseil national de recherches Canada
5071, chemin West Saanich
Victoria (C.-B.) V9E 2M7
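
The points raised in the message above, as an added sketch that is not part of the original post or of any CDP implementation: the delegation key is a hash of the DN, the list is filtered by the authenticated owner, and access depends on ownership rather than on the key being hard to guess. The hash choice (truncated SHA-256), the class and function names, and the sample DNs are assumptions made for illustration.

```python
import hashlib

def delegation_id(dn: str) -> str:
    # Assumed scheme: truncated hex SHA-256 of the DN. Stable per user, but
    # anyone who knows the DN can recompute it, so it is not a secret.
    return hashlib.sha256(dn.strip().encode("utf-8")).hexdigest()[:16]

class DelegationStore:
    """Hypothetical in-memory stand-in for the delegation service."""

    def __init__(self):
        self._entries = {}  # delegation id -> (owner DN, proxy credential)

    def put(self, caller_dn: str, proxy: str) -> str:
        # caller_dn is the DN the service authenticated, never client input.
        did = delegation_id(caller_dn)
        self._entries[did] = (caller_dn.strip(), proxy)
        return did

    def list_for(self, caller_dn: str) -> list:
        # Authenticated GET of the list: filter by owner so a caller finds
        # their own delegation and learns nothing about other users.
        me = caller_dn.strip()
        return sorted(d for d, (owner, _) in self._entries.items() if owner == me)

    def get(self, caller_dn: str, did: str):
        # Authorization is by ownership. A foreign id and an unknown id both
        # return None, so responses do not reveal who uses the service.
        entry = self._entries.get(did)
        if entry is None or entry[0] != caller_dn.strip():
            return None
        return entry[1]

# Constructed sample data (not real DNs or credentials).
ALICE = "CN=Alice Example,O=Example Org,C=CA"
BOB = "CN=Bob Example,O=Example Org,C=CA"

def demo():
    store = DelegationStore()
    alice_id = store.put(ALICE, "<alice proxy placeholder>")
    store.put(BOB, "<bob proxy placeholder>")
    return {
        "alice_id": alice_id,
        "alice_list": store.list_for(ALICE),
        "bob_guess": store.get(BOB, delegation_id(ALICE)),
        "alice_own": store.get(ALICE, alice_id),
    }

if __name__ == "__main__":
    print(demo())
```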