Hola Martin!
On Saturday 04 October 2008 09:22:11 Martin Langhoff wrote:
On Fri, Oct 3, 2008 at 7:22 PM, Andrés Ambrois [EMAIL PROTECTED]
wrote:
I am, together with Pablo Flores, working in preparing EduBlog for
deployment in Ceibal (yay!). However, one of the big challenges ahead is
deciding on the security infrastructure needed. So I've decided to
consult the gurus at server-devel =) .
Hola Andres!
- What's your timeframe?
The timeframe for our project is 5 weeks starting from last Wednesday, in
which I need to cover the interface (Moodle and Wordpress theming), course
configuration, authentication, modifying Write to enable blog posting, and
document all this for a manual.
- Are the Ceibal machines registering with the Ceibal servers in any way?
My understanding of the current security architecture in Ceibal is almost
non-existent, as I'm not working in LATU, and it has been a black box for
external developers. I realize this will seriously hamper any take at the
authentication problem, but I guess it's clear that there's little I can
accomplish in this sense from the timeframe above.
However, I believe there will be someone exclusively working on the security
of the system. I will make sure to point him/her to this thread on Monday when
we meet.
The other real solution that comes to mind would be TLS (SSL), maybe
using the DSA SSH key generated in first-boot? I believe this would
involved modifying Browse to use that file, and also gathering the XOs
public keys manually and add them to the server, which is a logistic
nightmare. I hope I'm wrong in this, could you advise me?
That is one of the paths we are exploring :-) with an additional tweak
to the 'register' action that retrieves the self-signed cert of the
server on the XO as a trusted cert, and gives the XS the cert of the
XO.
This of course needs a change in the register API - (minor) code
changes on the XO core Sugar libs and in Browse.
I'm glad I wasn't that far off :). Are these required modifications documented
somewhere?
cheers,
m
--
-Andrés
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel