[Spread-users] Security, Authorisation and Roles in Spread

Jonathan Stanton jonathan at cnds.jhu.edu
Tue May 1 10:46:39 EDT 2007


Hello,

The access control and authentication framework described in that paper 
is in Spread 4 (and was in the earlier Spread 3 series going back to 
around 2002). The API can be found in the acm.h file in the daemon 
directory. The best explanation of how to create modules is to look at 
the sample acp-permit.c file for the syntax and read the papers you 
found. 

I'm not sure what "Role" functions you are referring to; we did not 
implement a role-based ACL module. The framework we provide 
should support such an approach. 

Given what you describe, I think you can provide that type of access 
control using the current framework. You will need to decide whether 
users need to be strongly authenticated or not (meaning can they pick 
their user names freely or not) and then implement an access control 
module like acp-permit.c but instead of allowing everything, make 
different decisions depending on the user. 

You are correct that the way Spread works out-of-the-box is to allow all 
connections and usage (you can still block it using a firewall).

If this doesn't answer your question, let me know.

Jonathan

On Sun, Apr 29, 2007 at 11:25:30AM +0930, David Lloyd wrote:
> 
> Hi There,
> 
> 
> I note that the ACL/Role functions for Spread refer to this document:
> 
> * http://www.cnds.jhu.edu/pub/papers/ngc01_auth_framework.ps
> 
> From what I can tell, the authentication method(s) implemented are not 
> in the main branch and alter some of the main branch's code (1).
> 
> Essentially, I'm wanting to set up a message system where the message 
> system itself will only allow certain sender/receivers to use it and to 
> adjudicate which of these sender/receivers may send or receive.
> 
> If I'm reading the docs for Spread correctly, provided you can connect 
> to the Spread system, you can essentially join, create and hear any 
> messages over any channels/groups...
> 
> DSL
> 
> 1) main branch means a binary such as this one:
>    http://www.spread.org/download/spread-bin-4.0.0.tar.gz

-- 
-------------------------------------------------------
Jonathan R. Stanton         jonathan at cs.jhu.edu
Dept. of Computer Science   
Johns Hopkins University    
-------------------------------------------------------
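
An added illustration, not part of the original message and not Spread's code: a default-deny, per-user policy of the kind the reply describes as the alternative to allowing everything. The function names, `struct rule`, and the sample users and groups are hypothetical; the real callback signatures are in acm.h and acp-permit.c, and the user name is only meaningful here if an authentication method has verified it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical policy types for illustration; not Spread's acm.h definitions. */
enum { MAY_JOIN = 1, MAY_SEND = 2 };
struct rule {
    const char *user;   /* user name, as verified by the authentication step */
    const char *group;  /* exact group name, or "*" for any group */
    int rights;         /* bitmask of MAY_JOIN / MAY_SEND */
};

/* Constructed sample policy: anything not listed here is denied. */
static const struct rule policy[] = {
    { "sensor1", "telemetry", MAY_SEND },
    { "monitor", "telemetry", MAY_JOIN },
    { "admin",   "*",         MAY_JOIN | MAY_SEND },
};
#define N_RULES (sizeof policy / sizeof policy[0])

/* Union of the rights every matching rule grants; 0 when nothing matches. */
static int rights_for(const char *user, const char *group)
{
    int rights = 0;
    if (user == NULL || group == NULL) return 0;
    for (size_t i = 0; i < N_RULES; i++)
        if (strcmp(policy[i].user, user) == 0 &&
            (strcmp(policy[i].group, "*") == 0 || strcmp(policy[i].group, group) == 0))
            rights |= policy[i].rights;
    return rights;
}

bool policy_open_connection(const char *user)   /* known users only */
{
    for (size_t i = 0; user != NULL && i < N_RULES; i++)
        if (strcmp(policy[i].user, user) == 0)
            return true;
    return false;
}

bool policy_join_group(const char *user, const char *group)
{
    return (rights_for(user, group) & MAY_JOIN) != 0;
}

/* Send: every destination group must be allowed, and there must be one. */
bool policy_mcast_send(const char *user, const char *const *groups, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!(rights_for(user, groups[i]) & MAY_SEND))
            return false;
    return n > 0;
}
```
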



