[Spread-users] Security, Authorisation and Roles in Spread
Jonathan Stanton
jonathan at cnds.jhu.edu
Tue May 1 10:46:39 EDT 2007
Hello,
The access control and authentication framework described in that paper
is in Spread 4 (and was in the earlier Spread 3 series going back to
around 2002) The API can be found in the acm.h file in the daemon
directory. The best explanation of how to create modules is to look at
the sample acp-permit.c file for the syntax and read the papers you
found.
I'm not sure what "Role" functions you are referring to, we did not
implement a role-based ACL module. The framework we provide
should support such an approach.
Given what you describe, I think you can provide that type of access
control using the current framework. You will need to decide whether
users need to be strongly authenticated or not (meaning can they pick
their user names freely or not) and then implement an access control
module like acp-permit.c but instead of allowing everything, make
different decisions depending on the user.
You are correct that the way Spread works out-of-the-box is to allow all
connections and usage (you can still block it using a firewall)
If this doesn't answer your question, let me know.
Jonathan
On Sun, Apr 29, 2007 at 11:25:30AM +0930, David Lloyd wrote:
>
> Hi There,
>
>
> I note that the ACL/Role functions for Spread refer to this document:
>
> * http://www.cnds.jhu.edu/pub/papers/ngc01_auth_framework.ps
>
> From what I can tell, the authentication method(s) implemented are not
> in the main branch and alter some of the main branches code (1).
>
> Essentially, I'm wanting to setup a message system where the message
> system itself will only allow certain sender/receivers to use it and to
> adjudicate which of these sender/receivers may send or receive.
>
> If I'm reading the docs for Spread correctly, provided you can connect
> to the Spread system, you can essentially join, create and hear any
> messages over any channels/groups...
>
> DSL
>
> 1) main branch means a binary such as this one:
> http://www.spread.org/download/spread-bin-4.0.0.tar.gz
>
> _______________________________________________
> Spread-users mailing list
> Spread-users at lists.spread.org
> http://lists.spread.org/mailman/listinfo/spread-users
--
-------------------------------------------------------
Jonathan R. Stanton jonathan at cs.jhu.edu
Dept. of Computer Science
Johns Hopkins University
-------------------------------------------------------
More information about the Spread-users
mailing list