SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSCSI: Security Enviornments



    
    
    On subject of authorization - I think we would be ill advised to start
    something - there is a considerable body of work being done in the security
    area under the name GAA (like GSS) and we might want to use it when ready.
    We can provide them with input and/or help.
    
    Julo
    
    
    Black_David@emc.com on 18/02/2001 23:00:35
    
    Please respond to Black_David@emc.com
    
    To:   dotis@sanlight.net, ips@ece.cmu.edu
    cc:
    Subject:  RE: iSCSI: Security Enviornments
    
    
    
    
    > Thank you for the information.  You have made it clear you view iSNS is
    to
    > be the source of authorization.  I fail to understand what limitation
    exists
    > using LDAP directly versus this rehash of DNS and LDAP, but you should
    > understand the importance of asking such dumb questions.
    
    iSNS is by no means the only possible source of this sort of information.
    If someone wants to use LDAP, they should write up and submit a draft
    on how to use it.
    
    >  security management must be able to
    > endure device failure.  This implies security is placed safely somewhere
    > which contains both authentication and authorization information.
    
    The implication is incorrect.  The ability to run the security management
    application on more than one host to manage access control lists in
    persistent storage on the device is a counterexample.
    
    Most access control lists are stored at the point of access rather than
    obtained from an external source.  I think it's up to the WG to decide
    whether to store authorization information at the target vs. obtaining it
    externally.
    
    --David
    
    ---------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 42 South St., Hopkinton, MA  01748
    +1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
    black_david@emc.com       Mobile: +1 (978) 394-7754
    ---------------------------------------------------
    
    
    
    
    


Home

Last updated: Tue Sep 04 01:05:31 2001
6315 messages in chronological order