dotgnu-auth

Re: [Auth]Re: [Arch]a couple of questions and suggestions


From: Mason Ham
Subject: Re: [Auth]Re: [Arch]a couple of questions and suggestions
Date: Fri, 13 Jul 2001 16:26:49 -0400

The idea here is that there isn't a huge cost. There will be some cost for
the "root" servers, but the rest is "inexpensive" GNU/Linux boxes that
simply act as the routers to the pr servers. Also, the personal server
should and could be very lightweight, basically a Web service that responds
on a now port. So you could run locally or have someone else host it for
you. The service itself could be implemented by using XML and then simply
responding to it. It would be a lot like LDAP, but with more security and
other stuff in it. The trick is that it only does this one thing, and people
can then act as proxies for your personal information.

Mind you, the one thing that no one seems to be addressing is
"human"/"Business" nature. It is all well and fine to say you are going to
keep control of the data, but once you give that data to another party,
you/we are completely at their mercy. That is, if they can do something
useful with the data that you sent them then they can sell the something
useful!

That means that the system is going to have to rely on other mechanisms to
ensure that part of the deal.
The other advantage of this system is that it allows us to have a total
audit cycle, which is good.

I would guess that the total cost to get all the servers that would be
needed to host R servers is most likely 1 million start-up and USD500 for
the rest. Since one could consider the OR level servers to be "public" use
servers, a government could do the cost or a company. Let's face it, think
about the "good will" that you could get by saying you are "protecting"
people ... I think that a company would pony up. Also, think about IBM and
Microsoft with UDDER, they are running those servers, why not add a few more
that are OR level servers? Also, since the Rservers, PL, SL don't hold any
information, it shouldn't be a breach in security to simply have them be
daemons running on boxes ... TIMHO is not an expensive path, money is needed
yes, but you can grow to it rather than having to put all the money up-front
which to me would be bad :-)

Mason
----- Original Message -----
From: "Mod Man" <address@hidden>
To: <address@hidden>
Cc: <address@hidden>
Sent: Friday, July 13, 2001 4:03 PM
Subject: Re: [Auth]Re: [Arch]a couple of questions and suggestions


> My question to this would be:
>
> How much would it cost a company to deploy such a system and how hard
> would it be to get it adopted?
>
> I think that what we need to focus on is a drop-in solution, not one that
> will need a large investment on the ISP/Corporation side.
>
> and since DNS is a distributed system of servers, a similar system for
> dotgnu would also require such an infrastructure and therefore a lot of
> cost, no?
>
> On Fri, 13 July 2001, "Mason Ham" wrote:
>
> >
> > Tell me what you all think of this idea ....
> > Preface:
> >   I know that there are lots of security problems with DNS, but the basic
> > structure is sound, and would let us get some interesting results when it
> > comes to scalability and redundancy ... so just suspend the security
> > question about dns and assume that we "fix" that part.
> >
> > The idea:
> >   as proffered in this list (well it is actually scattered all over the three
> > lists ;-) we could use a URI to get to a security resource. If we did that,
> > and then had root domain servers that "delegated" to child servers, we could
> > end up with a web of authorities, like the PKI or DNS. It might look
> > something like this:
> >
> >                     R1
> >                    /  \
> >                  /      \
> >               PL1        PL2
> >              /   \          \
> >            /       \          \
> >         SL1         SL2        SL3
> >        /   \       /   \      /   \
> >      pr1   pr2   pr3   pr4  pr5   pr6
> >
> > Where:
> >   R -> the root server
> >   PL -> Primary Level
> >   SL -> Secondary Level
> >   pr -> Personal Level
> >
> > Then when you the end user wants to use the "dotGNU" or .Net stuff, you
> > actually point to your own record so:
> >
> > auth://pr5.SL3.PL2.R1:<object_wanting_to_get_info>/<your_record>?<infolevel_type>
> >
> > Where the object wanting to get info. is the site or bean/activeX
> > control/Web service etc, and the infolevel is this a "known" tagged name set
> > for the info being requested. This is important I feel cause we need to be
> > "as easy" to use as .Net or any other authorization mechanism. This list
> > would actually be stored in a meta repository. That is accessible to any who
> > want it. We would also have the auth servers "catch" the meta data. So if it
> > looks up a request for "email" (which gives a user's email back as the
> > response to the query). The pr servers are responsible for maintaining the
> > authorizations for that specific user.
> >
> > What do you all think? This would let an end-user provide the data from
> > their machine, or "push" it up to an APS (Authentication Provider Service).
> > Further, since there are named 'groups' that a user authorizes, it would be
> > very easy for the users to "maintain" control of their information.
> >
> > Mason
> >
> > PS Just so people don't laugh me out of this group .... I would use some
> > sort of hash from the person's name for the routing resource :-)
> >
> >
> >
> > ----- Original Message -----
> > From: "David Sugar" <address@hidden>
> > To: "Martin Coxall" <address@hidden>
> > Cc: "Norbert Bollow" <address@hidden>; <address@hidden>
> > Sent: Friday, July 13, 2001 9:27 AM
> > Subject: Re: [Auth]Re: [Arch]a couple of questions and suggestions
> >
> >
> > > Hailstorms tend to be destructive.  And one should not need to use a passport
> > > in one's own country.  Yes, we do intend to and will offer an alternative.
> > > The solution will be one that allows one to selectively retain or migrate user
> > > data either on one's personal PC or to other DotGNU servers operated by any
> > > level of provider, on a selective basis at the user's full discretion and
> > > control, to retain control over what data is given out, to whom, etc.  For the
> > > ISP, it means they could independently offer DotGNU services and branding to
> > > users rather than being cut out of the loop entirely.
> > >
> > > David
> > >
> > > Martin Coxall wrote:
> > >
> > > >> The DotGNU project is about creating an operating system for
> > > >> distributed virtual servers, on which web services can run as
> > > >> applications.
> > > >
> > > >
> > > > But if we want to counter .NET, we have to counter Hailstorm as well, and
> > > > that means providing a full range of web services for ISPs etc. to pick up.
> > > > This may be a secondary requirement, but I feel that this should be an
> > > > important (and interesting) part of the dotGNU project.
> > > >
> > > > ---
> > > > Martin
> > > > ---
> > > >
> > > > "Where laughing and smiling are not allowed"
> > > >
> > > > _______________________________________________
> > > > Arch mailing list
> > > > address@hidden
> > > > http://dotgnu.org/mailman/listinfo/arch
>
>
>
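
The delegated lookup proposed in the quoted message, as an added example that is not part of the original thread or of any DotGNU code: it parses the proposed `auth://` URI, checks every hop against the delegation tree from the diagram, and lets the personal server release only an infolevel the user has authorized for the requesting object. The object `shop.example`, the record `alice`, the stored values and the deny-by-default checks are assumptions made for illustration.

```python
import re

# Delegation tree taken from the diagram in the quoted proposal.
DELEGATIONS = {
    "R1": {"PL1", "PL2"},
    "PL1": {"SL1", "SL2"},
    "PL2": {"SL3"},
    "SL1": {"pr1", "pr2"},
    "SL2": {"pr3", "pr4"},
    "SL3": {"pr5", "pr6"},
}

# Constructed sample state on personal server pr5 (hypothetical values):
# record -> requesting object -> infolevels the user has authorized.
PR_GRANTS = {"pr5": {"alice": {"shop.example": {"email"}}}}
PR_DATA = {"pr5": {"alice": {"email": "alice@example.org", "phone": "555-0100"}}}

# auth://<pr>.<SL>.<PL>.<R>:<object>/<record>?<infolevel_type>
URI_RE = re.compile(
    r"auth://(?P<path>[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)+)"
    r":(?P<obj>[^/?#\s]+)/(?P<rec>[^/?#\s]+)\?(?P<level>[A-Za-z0-9_]+)"
)

def parse_auth_uri(uri):
    """Split the URI into (labels leaf-first, object, record, infolevel)."""
    m = URI_RE.fullmatch(uri)
    if not m:
        raise ValueError("not a well-formed auth:// URI")
    return m["path"].split("."), m["obj"], m["rec"], m["level"]

def resolve(uri, root="R1"):
    """Walk root -> PL -> SL -> pr, then apply the pr server's grants."""
    labels, obj, rec, level = parse_auth_uri(uri)
    chain = labels[::-1]  # the URI lists the leaf first, like a DNS name
    if chain[0] != root:
        raise PermissionError("unknown root server")
    for parent, child in zip(chain, chain[1:]):
        # Reject any hop the parent has not actually delegated.
        if child not in DELEGATIONS.get(parent, set()):
            raise PermissionError(f"{parent} does not delegate to {child}")
    pr = chain[-1]
    # Deny by default: only infolevels granted to this object are released.
    allowed = PR_GRANTS.get(pr, {}).get(rec, {}).get(obj, set())
    if level not in allowed:
        raise PermissionError(f"{obj} is not authorized for '{level}'")
    return PR_DATA[pr][rec][level]
```

Only the pr level holds user data here, matching the message's point that the R, PL and SL servers act purely as routers.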


