|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Security Use RequirementsBernard Aboba wrote: > >I haven't heard anyone strongly request this. Hopefully > >another body will handle this within the SCSI layer. If > >there is demand I would suggest looking at how the NFSv4 WG > >handled this using GSSAPI. But I personally think that is > >overkill for iSCSI. > > Are you saying that we *don't* need to worry about multiple > SCSI authentications to the same target IP address and port? > That would certainly simplify things. I can easily see a design that has multiple authentications on the same connection. But I am going to argue that we resist it strongly. Unlike NFS where there are multiple principals on a node muxed over a single connection, SCSI tends to have just one principal (the node) over a connection. While I think that the SCSI community would like to move towards the more complex model, they will have to come up with a common model that will map to all the various transports which I hope will be above the transport layer. iSCSI can then just focus on securing the connection between two nodes and let SCSI deal with multiple authentications. I am curious if anyone else thinks we should try and tackle the much harder problem at the iSCSI layer? -David
Home Last updated: Tue Sep 04 01:05:32 2001 6315 messages in chronological order |