[Sugar-devel] IDP security

Martin Langhoff martin.langhoff at gmail.com
Mon Dec 8 07:39:46 EST 2008


On Sun, Dec 7, 2008 at 11:05 PM, Luke Faraone <luke at laptop.org> wrote:
> In an earlier thread, you said that IDP shouldn't be visible to the public
> internet.
>
> Why is this, and what can be done to secure the service?

Good question - if a bit mixed up. Two separate things have been discussed.

- OpenID and similar schemes have the concept of IdP (identity
provider), it's a role in the overall scheme, in practice usually
performed by a webservice -- right now we don't have OpenID or
anything. The IdP needs to be published on a routable address, and
I've mentioned that in many (most?) real life scenarios, the XS as
installed in schools won't have a routable address.

- The current XS software has a service we call the identity manager -
idmgr. That is the "registration" service, talks a simple xml-rpc
proto, and if you register successfully it gives you an ssh account.
Sandboxed and protected, but an ssh account. With that ssh acct,
you'll get good, efficient backups using rsync over ssh, and other
future services are expected to rely on the ssh keys too (see the
Browse.xo discussion).  You can see - we _trust_ the XOs on the local
network to an extent, and this trust is not scalable to the wild and
wooly internet...

Does either track answer your question...?

cheers,



m



-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff

