Re: ISCSI: User authentication vs. Machine Authentication for iSC SI

[Stephen Bailey <steph@cs.uchicago.edu>]

> The new Name (UserID) is exactly what was implied at the meeting in
> Irvine.

Oh.  How horrible.

> A number of us, I am sure, think this is a very poor direction for an
> implementation.

Agreed.  I just wanted to walk the space a little bit.  My point is
that while traditional SCSI passthru does confer control privs (and is
protected as such), it doesn't need to.  Specifically, a client using
SCSI passthru is not actually given the identity of the host OS, per
se.

> So I believe we must consider such a potential application as
> probably a rouge application and do nothing to help this, and work
> to prevent it.

I understand what you're saying, but I'm not sure it confers much
architectural direction.  There already must be a concept of identity
which is independent of anything bound to a particular system (e.g. IP
address, hardware network port etc.), so there's no way to exclude
that.

> The important issue is, can we make the iSCSI Initiator Node Name be
> used as the UserID.

Agreed.  Are there minutes to the meeting?

Thanks,
  Steph