Re: security and multi-user



On 17 Mar 1998, Tom Tromey wrote:

> I don't think CORBA is useless.  But I do think that the OMG has put a
> lot of complexity in the wrong places.
> 
> One thing I like about CORBA is that to the programmer (us users --
> not the people writing ORBs) it presents APIs, and not protocols.  I
> think the long history of broken protocol implementations shows that
> this is probably a good idea.  (And, anyway, I hate writing protocol
> handling code.)

Yes, it is very nice at that.  But if it is too insecure, it is still
useless.  I don't want to write a proprietary client/server type of
thing or I wouldn't have been excited about using CORBA at all.  ;-)

> Shawn> Even if it is local, at the minimum I need to have more than
> Shawn> one user per machine.  Imagine: "Sorry, someone is using an
> Shawn> addressbook already, find a different machine..."
> 
> Shawn> So how do I go about this goal? 
> 
> This part you can do.
> 
> For Gnome I think we are going to run a master instance of the CORBA
> Name Service (that is, one instance per "session").  This is one way
> that a Gnome program can find the objects it wishes to talk to.

So when a user logs in, micod and all the other things start?  Seems to
me if you had 5-6 NCD machines pointing to one box and these people
all decide to run GNOME, the real machine is going to crap out, overheat
and die from lack of memory and CPU power.

> You could just make a new address book object and register it with the
> Gnome name service.  Then address book clients would use the name
> service to find the address book object.

Yes, indeed; is there already some gnome specific name service
I need to look at?  

If I read and play around with this stuff correctly, you can register
as many IDL:GNOME/AddressBook:1.0 things as you want and tell them
apart by reference tags, perhaps like "LDAP service" or "Aorta Addressbook".
(perhaps you know if this is correct thinking...)

> In fact, I'd argue that this is the way to go even if you have shared,
> remote address books.  In this case the "local" (to Gnome) object is
> just a proxy that talks to the remote address book (or several,
> presenting some merge of the contents).  The reason to do it this way
> is that it puts the complexity in a single place -- the proxy --
> instead of in every client.  To a client, it just looks like there is
> a single address book.
> 
> You can even write proxies that talk CORBA on one end, and something
> else on the other end.  You could use this to integrate with
> preexisting address book packages and servers.

We intend to have addressbooks which contain addressbooks, so really
the user will probably connect to only one.  Perhaps these are address
libraries. ;-)

The problem though is how to talk between the address library and all
the address books, which is similar to having one client talk to the
remote address book itself (only easier to talk about).

One of the proxy-type things will be talking LDAP hopefully...


> One last thing: if you know that the user only wants to use a
> particular remote address book object, then you could just register
> that object with his local name service.  The remote part is no
> problem.

I am only concerned about the security; I have confidence the rest
will work fine. ;-)

> [ stuff about crypt ]
> 
> Shawn> Now, why *don't* I want to waste my time doing this?  (Please,
> Shawn> tell me now before I start...)
> 
> CORBA does have a Security specification.  I haven't read it; I
> understand it is quite long.  Anyway, ideally the problem would be
> solved down at the MICO level -- somebody would write an
> implementation of the Security service for MICO, and we would just
> start using it.
> 
> That way the ugliness of adding crypt() calls to all our code would be
> replaced with some ugly standardized calls instead.
> 
> Perhaps looking in on the MICO list/web page to see if this is in
> progress would be a good first step.

From the mailing list:
http://www.cs.uni-magdeburg.de/~aschultz/mico/mico-devel/1998-02/msg00064.html

Seems to imply no one is working on it.

> 
> I imagine it would best be implemented by someone outside the US.

Unless you just link against DES/Idea stuff that is already available,
in which case it really shouldn't be too much of an issue.

--
Shawn T. Amundson               
amundson@gimp.org               http://www.gimp.org/~amundson

"The assumption that the universe looks the same in every
 direction is clearly not true in reality." - Stephen Hawking


