ISCSI: User authentication vs. Machine Authentication for iSCSI

I have been fighting with this problem since I left LA. I am not aware of any usage scenarios today where block devices are owned by the user rather than the machine. I will concede that in many instances the first thing the system does is assign the resource to a use (tape, scanner, etc.) but the machine still owns the resource and can in fact remove it out from under the user...

I am not too certain how I could build a trusted iSCSI environment where one user would have no knowledge about what was happening with other users in a malicious environment (especially where a system was participating in the exposure of resources). Examples of this include things like co-located Web hosting where a single user scans process memory looking for 1Kbit of random data, and when finding it attempts to determine if that is the private key of a user sharing the resource.

The reason I am bringing this up is I am not sure trying to define security above the machine level makes any sense for iSCSI. Aren't most SCSI devices owned by the Operating System, not the User, and partitioned out by the Operating System to the users? If this is the case many of our authentication methods simplify to simple IKE identities.

Bill
Last updated: Tue Sep 04 01:03:51 2001