perfsonar development work

[Cándido Rodríguez Montes <>]

Hi Ralf,

El 03/03/2008, a las 14:03, Ralf Kleineisel escribió:

Hi,

Cándido Rodríguez Montes wrote:

I've just uploaded a new version of perfsonar-base and

perfsonar-base-ac_authn (20080303) which does a workaround about the

timestamp.

I don't see the point of that timestamp function at all.

There are so many security sensitive applications like ssh, ssl and none of

them relies on the computer's clock.

Yes, that's true. They are in other scenarios and they don't need the timestamp.

If you need secure perfSONAR: Why don't you simply tunnel it through an ssl

tunnel? Why invent the wheel once again?

Sorry but I disagree. In fact we're not securing perfSONAR, but we've building an authentication and authorization infrastructure in it and integrating into a multi-domain federation (called confederation by JRA5). 

And, for that purpose, we're using the available standards for securing web services, as perfSONAR is based on SOAP web services. The timestamp is also recommended in that standard for enforcing the security of security tokens, so I think we should use it.

Regards

Best regards

Ralf

--

Cándido Rodríguez Montes E-mail: 

Middleware warrior Tel:+34 955 05 66 13

Red.ES/RedIRIS

Edificio CICA

Avenida Reina Mercedes, s/n

41012 Sevilla

SPAIN