New authentication scheme for viewing TT data
Rene Wilhelm wilhelm at ripe.net
Tue Apr 24 13:16:44 CEST 2001
Mike, > When we sought clarification, this is what Mark Santcroos wrote: > >"Not all testbox hosts want to expose the quality of their network to the > public, therefor (by default) you will only be able to view the traffic > that is related to your testbox. > > That means that the generic user/passwd combination to view all data will > eventually disappear." > > As I say, I understand the need for the change, but wonder could its > effects, particularly that of Mark's last sentence above, be mitigated. I am sorry for the confusion created by our e-mails, but as both Henk and I are attending the PAM2001 conference, Mark answered to to provide you with a timely reply. (and I overlooked his message when processing my e-mail last night) Let me stress again that the guiding principles behind the new authentication scheme are still those outlined by Henk in his messages to tt-wg: On Wed, 15 Nov 2000, Henk Uijterwaal (RIPE-NCC) wrote: > > > I suggest to do 2 things. > > > > The plots section of the TTM pages will be split into 3 sub-sections: > > > > A) A general section, explaining what is show in the plots and other > > documentation, but no real data. This section will not be password > > protected. > > > > B) A test-box-host section, containing all data that is currently > > available. This section will be password protected with a password > > that is made available to the TB-hosts, but may not be passed on. > > > > C) N sections for the customers of a specific site, containing only > > plots from and to a certain test-box. This is a subset of (B). The > > TB-hosts can ask for a reasonable number of password/username > > combinations for their customers. > > > > Before a customer gets the password for (C), he will be asked to sign a > > data-disclosure agreement. > (D) In the meantime, another site asked for the opposite case: they > don't mind people seeing plots from their site to the rest of the > world, but also like to install a few test boxes to measure on their > own networks only and NOT publish those results. i.e. the generic account would continue to exist and provide access to all plots _except_ those which fall in case D mentioned above. For example if we were to deny the generic account access to tt01 and tt02 others would not be able to see the results for the NCC's internal measurement tt01 <-> tt02, but the measurements involving the other testboxes would be visible from the respective sender/receiver's area. However, as the new authentication mechanism is very flexible and more organisations have joined TTM, it's a good idea to revisit the issue on the tt-wg mailing list and also in the tt-wg session at next week's RIPE meeting. -- Rene =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rene Wilhelm RIPE Network Coordination Centre Email: wilhelm at ripe.net Test Traffic Measurements Phone: +31 20 535 4417 Amsterdam, the Netherlands Fax: +31 20 535 4445 http://www.ripe.net/ripencc/mem-services/ttm/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[ tt-host Archive ]