CDP question

Patrick Dowler patrick.dowler at nrc-cnrc.gc.ca
Wed Dec 8 23:13:22 PST 2010


In CDP there is a recommendation to use some sort of hash as the (obscure) key 
to the created delegation rather than the DN. Doing so presumably means that a 
user always gets the same value but other people can't snoop and see who is 
using the service... Is a client supposed to be able to know (aside from 
storing the value) the path so they could check if they have an existing valid 
proxy certificate set up already? 

It would be nice if a client could somehow find or list their own delegations. 
Would they do that by doing an authenticated GET of the delegations list and 
only finding their own (single?) delegation in the list? (e.g. the service 
filters by owner)

I know the hash doesn't give any real security so the service has to protect 
the proxy certificate+key via proper authentication and authorization. Is this 
just a privacy issue? That seems relevant and we have considered privacy 
issues w.r.t. users seeing what other users are up to in other contexts.

-- 

Patrick Dowler
Tel/Tél: (250) 363-0044
Canadian Astronomy Data Centre
National Research Council Canada
5071 West Saanich Road
Victoria, BC V9E 2M7

Centre canadien de donnees astronomiques
Conseil national de recherches Canada
5071, chemin West Saanich
Victoria (C.-B.) V9E 2M7
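
Added example (not part of the original message, and not CDP's or any implementation's own code): a minimal in-memory sketch of the design the question describes, where the delegation key is a hash the owner can recompute from their DN, the listing is filtered by owner, and access is decided by the authenticated DN rather than by knowing the key. The SHA-256 choice, the simplified DN normalisation, the class and function names, and the sample DNs are all assumptions; caller_dn stands for the identity taken from the authenticated client certificate.

```python
import hashlib


def normalise(dn: str) -> str:
    # Simplified DN canonicalisation (assumption): trim and lower-case each RDN.
    return ",".join(part.strip().lower() for part in dn.split(","))


def delegation_id(dn: str) -> str:
    # Deterministic opaque key: the owner can recompute it without storing it.
    return hashlib.sha256(normalise(dn).encode("utf-8")).hexdigest()


class DelegationService:
    """In-memory stand-in for a delegation endpoint (hypothetical)."""

    def __init__(self):
        self._store = {}  # delegation id -> (owner DN, proxy material)

    def create(self, caller_dn: str, proxy: str) -> str:
        key = delegation_id(caller_dn)
        self._store[key] = (normalise(caller_dn), proxy)
        return key

    def list_ids(self, caller_dn: str) -> list:
        # Filtered by owner: a caller sees only their own delegation.
        me = normalise(caller_dn)
        return [k for k, (owner, _) in self._store.items() if owner == me]

    def get(self, caller_dn: str, key: str) -> str:
        # Access depends on the authenticated DN, not on knowing the key.
        # Missing and foreign entries fail identically, so existence is not leaked.
        entry = self._store.get(key)
        if entry is None or entry[0] != normalise(caller_dn):
            raise PermissionError("no such delegation for this caller")
        return entry[1]


# Constructed sample identities and proxy placeholders.
ALICE = "CN=Alice Example, O=Example Org, C=CA"
BOB = "CN=Bob Example, O=Example Org, C=CA"

if __name__ == "__main__":
    svc = DelegationService()
    svc.create(ALICE, "alice-proxy-placeholder")
    svc.create(BOB, "bob-proxy-placeholder")
    print(svc.list_ids(ALICE) == [delegation_id(ALICE)])
    try:
        svc.get(BOB, delegation_id(ALICE))  # anyone who knows the DN can compute the key
    except PermissionError as exc:
        print("denied:", exc)
```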

