RE: ISCSI: User authentication vs. Machine Authentication for iSCSI

Hi Bill:

Everything you say is right, up to a point. The functionality envisioned is a virtualization environment in which the operating system, acting on behalf of a user, instantiates an initiator entity at the bottom of the O/S driver stack. That entity, in turn, may be logged into a virtualized storage environment created specifically for that user. Afterwards, all I/O directed to that initiator is controlled by the standard O/S mechanisms. All this is analogous to plugging in a new hardware HBA. The powerful feature in this case is the ability to totally control the 'HBA's' view of the storage network.

Charles

> -----Original Message-----
> From: Bill Strahm [mailto:bill@sanera.net]
> Sent: Wednesday, August 29, 2001 2:23 PM
> To: mbakke@cisco.com
> Cc: Ips@Ece. Cmu. Edu
> Subject: RE: ISCSI: User authentication vs. Machine Authentication for iSCSI
>
> I am not sure that helped. Again, the model of a Tape drive...
>
> The user does not own the tape drive, the operating system owns the tape drive, when I (as a user) want to use the tape drive, I ask the operating system, it grants me access, and I go on.
>
> In fact from a purely SCSI level, I do not believe there is any concept of a user at all, the Operating system on the device provides the concept of a user through the OS abstraction layer.
>
> The problem that I am having is that I do not see how I can make user security work through the OS abstraction. And if the OS HAS to know about the multiple users, I now have to trust the OS as well, which means that effectively I have one user on the machine anyway...
>
> Bill
>
> -----Original Message-----
> From: mbakke@cisco.com [mailto:mbakke@cisco.com]
> Sent: Wednesday, August 29, 2001 2:06 PM
> To: Bill Strahm
> Cc: Ips@Ece. Cmu. Edu
> Subject: Re: ISCSI: User authentication vs. Machine Authentication for iSCSI
>
> Bill Strahm wrote:
> >
> > I have been fighting with this problem since I left LA.
> >
> > I am not aware of any usage scenarios today where block devices are owned by the user rather than the machine. I will concede that in many instances the first thing the system does is assign the resource to a user (tape, scanner, etc.) but the machine still owns the resource and can in fact remove it out from under the user...
> >
> > I am not too certain how I could build a trusted iSCSI environment where one user would have no knowledge about what was happening with other users in a malicious environment (especially where a system was participating in the exposure of resources). Examples of this include things like co-located Web hosting where a single user scans process memory looking for 1Kbit of random data, and when finding it attempts to determine if that is the private key of a user sharing the resource.
> >
> > The reason I am bringing this up, is I am not sure trying to define security above the machine level makes any sense for iSCSI. Aren't most SCSI devices owned by the Operating System not the User and partitioned out by the Operating System to the users? If this is the case many of our authentication methods simplify to simple IKE identities.
> >
> > Bill
>
> Bill-
>
> As you pointed out, there is a case where just using IKE with an iSCSI AuthMethod of "none" is valid. That case is where:
>
> - There is a one-to-one correspondence between an initiator and an operating system
> - IPsec is being used for all iSCSI traffic
> - The customer is willing to deploy public key certificates on the client side (for each initiator) as well as on the devices
>
> If all of the above are true, iSCSI can certainly use an AuthMethod of none, and be done with it.
>
> However,
>
> - There are cases (David Black brought up some tape applications) where more than one initiator might exist on an operating system
>
> - IPsec is not likely to be used for a large percentage of iSCSI traffic any time soon
>
> - When IPsec is used, many customers will have an easier time with the familiar model of authenticating the server "machine" but using a dummy certificate for the client.
>
> If any of the above are true, iSCSI-level of authentication is required.
>
> Hope this helps,
>
> Mark