
perfsonar-dev - Re: [pS-dev] Re: Security considerations in perfSONAR

Subject: perfsonar development work

  • From: Cándido Rodríguez Montes <>
  • To: Nicolas Simar <>
  • Cc: Nina Jeliazkova <>, Roman Lapacz <>, schmitz <>, Loukik Kudarimoti <>, "" <>
  • Subject: Re: [pS-dev] Re: Security considerations in perfSONAR
  • Date: Wed, 4 Jun 2008 17:21:02 +0200

Hi Nicolas,

On 03/06/2008, at 10:00, Nicolas Simar wrote:

Hi,

A few questions about this.

1) What is the benefit of going for https in our case?

The communication between visualization tools and perfSONAR services (and between these and the AS) is encrypted. So, an HTTP sniffer cannot get the content of messages or of security tokens either.


2) If https was to be turned on instead of http: what changes should the developers bring to their products (web-services or visualisations)? Would those changes break backward compatibility?

I think we don't need to modify any line of code. It depends on the source code of each visualization tool, but I've run some tests with Axis1 and I didn't need to change the source code of my tests when I set the endpoint of a service deployed with https.


3) What would a deployer (someone who has already deployed the web-services) have to do?

He has to configure Tomcat with https, so it requires a private and a public key imported into a keystore. It's not a complicated task but the problem is I don't know how it can be done automatically by our packages right now.

Regards


Thanks a lot for helping here.

Best regards,
Nicolas


Nina Jeliazkova wrote:
Hi Candido,
The client directly communicating with the web service (e.g. perfsonarUI) will need to use certificates or user credentials in order to use the secure connection. Will these be different from GIdP authentication? If using certificates, could you clarify the procedure for issuing certificates and ensuring each perfsonarUI user has a valid one?
Best regards,
Nina
Nicolas Simar wrote:
Hi Roman, Nina and David,


Cándido Rodríguez Montes wrote:
Hi Nicolas and Loukik,
as perfSONAR MDM 3.0 is going to be installed by European NRENs, I would like to know if they are deploying/will deploy their services over http or https.
Https is not a requirement for the authN process, but it is helpful against replay attacks, even though the authN hasn't been part of perfSONAR!

What would be the impact on
1) the web-service development if we were to use https (none?)
2) the visualisation (the way they access the web-service)?

So, in case perfSONAR services are reached by http, we should ask them to move it to https.

Thanks a lot.

Nicolas


Regards

-- 
Cándido Rodríguez Montes E-mail: <>
Middleware warrior Tel:+34 955 05 66 13
Red.ES/RedIRIS
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN






-- 
Nicolas
______________________________________________________________________

Nicolas Simar
Network Engineer


Tel - BE: +32 (0) 4 366 93 49
Tel - UK: +44 (0)1223 371 300
Mobile: +44 (0) 7740 176 883

City House, 126-130 Hills Road
Cambridge CB2 1PQ
UK
_____________________________________________________________________






--
Cándido Rodríguez Montes E-mail: 
Middleware warrior Tel:+34 955 05 66 13
Red.ES/RedIRIS
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN