Skip to Content.
Sympa Menu

perfsonar-dev - Re: [pS-dev] [Security Update] New version of perfSONAR base

Subject: perfsonar development work

List archive

Re: [pS-dev] [Security Update] New version of perfSONAR base


Chronological Thread 
  • From: Cándido Rodríguez Montes <>
  • To: Nina Jeliazkova <>
  • Cc: Perfsonar Development <>
  • Subject: Re: [pS-dev] [Security Update] New version of perfSONAR base
  • Date: Mon, 3 Mar 2008 13:51:29 +0100
Hi Nina and others,
I've just uploaded a new version of perfsonar-base and perfsonar-base-ac_authn (20080303) which does a workaround about the timestamp.
When a security token is created, it puts when it was created and when it will be expired. The theory is really pretty, but in our real world, we have a problem is if the time clock of the client is different of the time clock of the AS. Why? Because, for example, if the time clock of the AS is 9:00 and the time clock of the client is 9:01, the security token will be valid from 9:01 to 9:11. So, the AS won't valid the security token because 9:00 is not between 9:01 and 9:11.
Then, what have I changed? With the new version of those jar files, in that example, the security token will be valid from 8:56 to 9:06. It gets the Time To Live (ttl) of the security token (by default is 10 minutes but you can set it programatically) and the security token is valid from (actual_time-(ttl/2)) to (actual_time+(ttl/2)).
I hope this fixes the problem of not having the same clock time between clients and the AS and users don't experience this problem.

Regards

El 27/02/2008, a las 16:47, Nina Jeliazkova escribió:

Hi Cándido,

I've tried to use the new perfsonar base in perfsonarUI, but when testing with Telnet SSH, I am getting the error message below. Could you tell me the reason?

<?xml version="1.0" encoding="UTF-8"?>
<nmwg:message xmlns:nmwg="http://ggf.org/ns/nmwg/base/2.0/" id="resultCodeMessage">
<nmwg:metadata id="resultCodeMetadata">
<nmwg:eventType>error.authn.timestamp</nmwg:eventType>
</nmwg:metadata>
<nmwg:data id="resultDescriptionData_for_resultCodeMetadata" metadataIdRef="resultCodeMetadata">
<nmwgr:datum xmlns:nmwgr="http://ggf.org/ns/nmwg/result/2.0/">Authentication failed</nmwgr:datum>
</nmwg:data>
</nmwg:message>


Regards,
Nina

Cándido Rodríguez Montes написа:
Hi devs,
There is a new version of perfsonar-base, 20080225, which should be used if you're using the authentication component in your service. This release fixs a problem with the WE profile.
Please, update your perfSONAR-base jar file ASAP, so testing process can include tests of the WE profile for your service.

Regards

--
Cándido Rodríguez Montes E-mail: 
Middleware warrior Tel:+34 955 05 66 13
Red.ES/RedIRIS
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN





-- 
---------------------------------
Dr. Nina Nikolova-Jeliazkova
Institute for Parallel Processing
Bulgarian Academy of Sciences
Acad. G. Bonchev St 25-A
1113 Sofia, Bulgaria
Tel: +359 886 802011
ICQ: 10705013
www: http://ambit.acad.bg/nina
---------------------------------
PGP Public Key
http://cert.acad.bg/pgp-keys/keys/nina-nikolova-0xEEABA669.asc
	8E99 8BAD D804 1A43 27B7  7F87 CF04 C7D1 EEAB A669
---------------------------------------------------------------

--
Cándido Rodríguez Montes E-mail: 
Middleware warrior Tel:+34 955 05 66 13
Red.ES/RedIRIS
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN





Archive powered by MHonArc 2.6.16.

Top of Page