Diffstat (limited to 'src/auth/scheme.txt')
-rw-r--r--src/auth/scheme.txt87
1 files changed, 87 insertions, 0 deletions
diff --git a/src/auth/scheme.txt b/src/auth/scheme.txt
new file mode 100644
index 000000000..0df00addc
--- /dev/null
+++ b/src/auth/scheme.txt
@@ -0,0 +1,87 @@
+
+client_name = foo (mon has some corresponding shared secret)
+client_addr = ip address, port, pid
+
+
+monitor has:
+
+client_auth {
+ client_name;
+ client capabilities;
+ client secret;
+};
+map<client_name, client_auth> users;
+
+struct secret {
+ bufferlist secret;
+ utime_t created;
+};
+map<entity_name, secret> entity_secrets;
+
+struct service_secret_set {
+ secret[3];
+};
+map<string, service_secret_set> svc_secrets;
+
+/*
+svcsecret will be a rotating key. we regenerate every time T, and keep
+keys for 3*T. client always get the second-newest key. all 3 are
+considered valid. clients and services renew/reverify key at least one
+every time T.
+*/
+
+
+client_ticket {
+ client_addr;
+ map<svc name or type, blob> client_capabilities;
+};
+
+
+
+authenticate principle:
+
+C->M : client_name, client_addr. authenticate me.
+ ...monitor does lookup in database...
+M->C : A= {client/mon session key, validity}^clientsecret
+ B= {client ticket, validity, client/mon session key}^monsecret
+
+
+authorize principle to do something on monitor:
+
+C->M : B, {client_addr, timestamp}^client/mon session key. do foo (assign id)
+M->C : result. and {timestamp+1}^client/mon session key
+
+
+authorize for service:
+
+C->M : B, {client_addr, timestamp}^client/mon session key. authorize me!
+M->C : E= {svc ticket}^svcsecret
+ F= {svc session key, validity}^client/mon session key
+
+svc ticket = (client addr, validity, svc session key)
+
+
+on opening session to service:
+
+C->O : E + {client_addr, timestamp}^svc session key
+O->C : {timestamp+1}^svc session key
+
+
+
+
+
+To authenticate:
+
+ client -> auth:
+ {client_name, client_addr}^client_secret
+ auth -> client:
+ {session key, validity, nonce}^client_secret
+ {client_ticket, session key}^service_secret ... "enc_ticket"
+
+where client_ticket is { client_addr, created, expires, none, capabilities }.
+
+To gain access using our ticket:
+
+
+
+