incubator-clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reto Bachmann-Gmür (JIRA) <j...@apache.org>
Subject [jira] [Commented] (CLEREZZA-490) WebProxy agent should identify itself with admin WebID
Date Tue, 10 May 2011 13:07:47 GMT

    [ https://issues.apache.org/jira/browse/CLEREZZA-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031169#comment-13031169
] 

Reto Bachmann-Gmür commented on CLEREZZA-490:
---------------------------------------------

I'd suggest to have a different identity for the instance as for admin. The proxy should act
as the user with the least priviledges not as the one with the most.

> WebProxy agent should identify itself with admin WebID
> ------------------------------------------------------
>
>                 Key: CLEREZZA-490
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-490
>             Project: Clerezza
>          Issue Type: Improvement
>            Reporter: Henry Story
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> The WebProxy makes requests to other servers which may be other WebID enabled servers
that may request the identity of the user. What identity should the server use if it needs
to identity itself?
> Initially at least, and for sake of simplicity,  I think that agent should be the administrator
- ie /user/admin/profile#me . The public key should be the one with which the SSL session
is started.  That key will be CA signed usually. It will be easy to use that certificate+private
key to build a self signed certificate for WebID authentication, on WebProxy startup. The
public key should then be added to the admin user's profile, (and removed when that profile
is changed).
>  
> This should also reduce certain number of exceptions being thrown when the server connects
to itself via ssl. In fact when it does connect to itself, the connection should be a non
encrypted ssl connection.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message