New authentication scheme for viewing TT data

Tue Apr 24 13:16:44 CEST 2001

Mike,

> When we sought clarification, this is what Mark Santcroos wrote:
> 
>"Not all testbox hosts want to expose the quality of their network to the
> public, therefor (by default) you will only be able to view the traffic
> that is related to your testbox.
> 
> That means that the generic user/passwd combination to view all data will
> eventually disappear."
> 
> As I say, I understand the need for the change, but wonder could its
> effects, particularly that of Mark's last sentence above, be mitigated.

I am sorry for the confusion created by our e-mails, but as both
Henk and I are attending the PAM2001 conference, Mark answered to
to provide you with a timely reply. (and I overlooked his message
when processing my e-mail last night)

Let me stress again that the guiding principles behind the new
authentication scheme are still those outlined by Henk in his messages
to tt-wg:

On Wed, 15 Nov 2000, Henk Uijterwaal (RIPE-NCC) wrote:
> 
> > I suggest to do 2 things.  
> > 
> > The plots section of the TTM pages will be split into 3 sub-sections:
> > 
> > A) A general section, explaining what is show in the plots and other
> >    documentation, but no real data.  This section will not be password
> >    protected.
> > 
> > B) A test-box-host section, containing all data that is currently
> >    available.  This section will be password protected with a password
> >    that is made available to the TB-hosts, but may not be passed on.
> > 
> > C) N sections for the customers of a specific site, containing only
> >    plots from and to a certain test-box. This is a subset of (B).  The
> >    TB-hosts can ask for a reasonable number of password/username
> >    combinations for their customers.
> > 
> > Before a customer gets the password for (C), he will be asked to sign a
> > data-disclosure agreement.  

>  (D) In the meantime, another site asked for the opposite case: they
>     don't mind people seeing plots from their site to the rest of the
>     world, but also like to install a few test boxes to measure on their
>     own networks only and NOT publish those results.

i.e. the generic account would continue to exist and provide access to
all plots _except_ those which fall in case D mentioned above.  For example
if we were to deny the generic account access to tt01 and tt02 others
would not be able to see the results for the NCC's internal measurement
tt01 <-> tt02, but the measurements involving the other testboxes would be
visible from the respective sender/receiver's area.

However, as the new authentication mechanism is very flexible and more
organisations have joined TTM, it's a good idea to revisit the issue on
the tt-wg mailing list and also in the tt-wg session at next week's
RIPE meeting.

-- Rene

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rene Wilhelm                    RIPE Network Coordination Centre
Email: wilhelm at ripe.net         Test Traffic Measurements
Phone: +31 20 535 4417          Amsterdam, the Netherlands
Fax:   +31 20 535 4445          http://www.ripe.net/ripencc/mem-services/ttm/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=