On Sun, Dec 7, 2008 at 11:05 PM, Luke Faraone <[EMAIL PROTECTED]> wrote:
> In an earlier thread, you said that IDP shouldn't be visible to the public
> internet.
>
> Why is this, and what can be done to secure the service?

Good question - if a bit mixed up. Two separate things have been discussed.

 - OpenID and similar schemes have the concept of IdP (identity provider), it's a role in the overall scheme, in practice usually performed by a webservice -- right now we don't have OpenID or anything. The IdP needs to be published on a routable address, and I've mentioned that in many (most?) real life scenarios, the XS as installed in schools won't have a routable address.

 - The current XS software has a service we call the identity manager - idmgr. That is the "registration" service, talks a simple xml-rpc proto, and if you register successfully it gives you an ssh account. Sandboxed and protected, but an ssh account. With that ssh acct, you'll get good, efficient backups using rsync over ssh, and other future services are expected to rely on the ssh keys too (see the Browse.xo discussion). You can see - we _trust_ the XOs on the local network to an extent, and this trust is not scalable to the wild and wooly internet...

Does either track answer your question...?

cheers,

m
--
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
_______________________________________________
IAEP -- It's An Education Project (not a laptop project!)
[email protected]
http://lists.sugarlabs.org/listinfo/iaep
