astroaztec: (Default)
[personal profile] astroaztec
Big Faraway Observatory notes that travel to their site consumes many resources, so they allow remote operation of their facility over the internet. Remote site engineers and Big Faraway admins find recurring security concerns in the scheme used to authenticate remote users. Big Faraway admins have limited resources and are not prone to address the concerns. Remote site overseer wants to improve the security.

Big Faraway Observatory has an operable scheme for managing the identity of principal investigators, but no scheme for managing the identity of collaborators. I note that the overall structure of the problem is basically the same as blogger identities with friends lists; that is, there are principal investigators who are awarded telescope time, and they have teams of collaborators who may participate in (or even perform) the observations. I point out means by which authentication information could be automatically transferred to the principal investigators, but they would have to disseminate that authentication to delegated collaborators. Whereas some astronomers know what is meant by handling cryptographic authentication tokens, most do not.

I note one snip from the second paragraph of section 3 of the Internet Draft for OAuth 2.0 which has recently been required for Twitter clients:
the authorization server MUST first verify the identity of the end-user.
In order to solve the problem somebody is going to have to manage identities, and delegation of authority to other identities. It doesn't make sense for that to be done by anyone other than Big Faraway Observatory. I assert to Remote site overseer that we can't solve the problem.
From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

astroaztec: (Default)
astroaztec

December 2013

S M T W T F S
1234567
891011121314
15161718192021
22 232425262728
293031    

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 21st, 2017 12:08 pm
Powered by Dreamwidth Studios