Security Model
This is a draft, which will be implemented while fixing #35 and #59.
Confidentiality/Integrity
All communication will happen over an XML-RPC/SSL channel; the SSL layer provides confidentiality and integrity of the transport.
Authentication
NWU must perform bi-directional security checks: the server must authenticate the client, and the client must authenticate the server.
Authenticating the server (See #35)
- The DNS FQDN the client connects to must match the SSL certificate's commonName (or one of its subjectAltName DNS entries)
- After the first connection, the client should save the server's certificate (trust on first use; the saved certificate may be reviewed by the admin)
- If the certificate presented later differs from the saved one, the connection must not be established
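The three server-side checks above, worked through as an added example (this is not NWU's own code). It assumes the certificate is available in the two forms Python's ssl module gives a client: the dict layout of SSLSocket.getpeercert() and the DER bytes of getpeercert(binary_form=True). The pin store is a plain dict standing in for the file the admin would review; the certificate dicts and DER byte strings at the bottom are constructed stand-ins, not real certificates.

```python
import hashlib


class ServerAuthError(Exception):
    """Raised when the server's certificate must not be trusted."""


def _label_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against the FQDN we dialled.

    Case-insensitive exact match; a single leading '*.' label matches exactly
    one host label, never the bare domain and never a dotted prefix.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "." in hostname:
        return pattern[2:] == hostname.split(".", 1)[1]
    return False


def cert_names(peercert: dict) -> list:
    """Collect DNS names from subjectAltName, falling back to commonName.

    `peercert` uses the layout of ssl.SSLSocket.getpeercert(): 'subject' is a
    tuple of RDNs, each a tuple of (type, value) pairs; 'subjectAltName' is a
    tuple of (type, value) pairs.
    """
    sans = [v for t, v in peercert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    return [v for rdn in peercert.get("subject", ()) for t, v in rdn if t == "commonName"]


def fingerprint(peercert_der: bytes) -> str:
    """SHA-256 over the DER encoding: what gets saved instead of the whole cert."""
    return hashlib.sha256(peercert_der).hexdigest()


def check_server_cert(fqdn: str, peercert: dict, peercert_der: bytes, store: dict) -> str:
    """Apply the draft's three checks. `store` maps fqdn -> pinned fingerprint.

    Returns 'pinned' on first contact (certificate saved) and 'ok' when the
    presented certificate matches the saved one; raises otherwise.
    """
    names = cert_names(peercert)
    if not any(_label_matches(n, fqdn) for n in names):
        raise ServerAuthError(f"certificate names {names} do not match {fqdn}")
    fp = fingerprint(peercert_der)
    pinned = store.get(fqdn)
    if pinned is None:
        store[fqdn] = fp  # first connection: trust on first use, save for admin review
        return "pinned"
    if pinned != fp:  # certificate changed: refuse, and do not overwrite the pin
        raise ServerAuthError(f"certificate for {fqdn} changed (pinned {pinned[:16]}, got {fp[:16]})")
    return "ok"


# Constructed stand-ins for a real certificate (assumption: not real DER; only
# the bytes' hash matters for the pinning logic).
SERVER_CERT = {"subject": ((("commonName", "nwu.example.org"),),),
               "subjectAltName": (("DNS", "nwu.example.org"),)}
SERVER_DER = b"constructed-der-bytes-for-nwu.example.org-v1"
ROTATED_DER = b"constructed-der-bytes-for-nwu.example.org-v2"


def demo() -> tuple:
    """First contact pins, a repeat matches, a changed certificate is refused."""
    store = {}
    first = check_server_cert("nwu.example.org", SERVER_CERT, SERVER_DER, store)
    second = check_server_cert("nwu.example.org", SERVER_CERT, SERVER_DER, store)
    try:
        check_server_cert("nwu.example.org", SERVER_CERT, ROTATED_DER, store)
        rotated = "accepted"
    except ServerAuthError:
        rotated = "refused"
    return first, second, rotated


if __name__ == "__main__":
    print(demo())
```

Note that a mismatch never updates the pin: if the server legitimately rotates its certificate, the admin has to remove the old entry from the store by hand, which is exactly the review step the draft asks for.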
Authenticating the clients (See #59)
- There are three possible methods. None has been implemented yet.
- Use SSL certificates signed by the server
- Use auto-generated passwords, but authenticate to the server using challenge/response (the password itself is never sent over the wire)
- Put any new client in a "pending" group until it is approved (simplest and possibly best method)
- Whichever method is chosen, we have to make sure that the sysadmin can review and approve each client before it is trusted.
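How the second and third methods fit together with the review requirement, as an added example (hypothetical code, not NWU's own): a server-side registry where every new client receives an auto-generated secret and lands in a "pending" group, an explicit sysadmin approve() is the only way out of that group, and clients prove possession of the secret with an HMAC-SHA256 challenge/response over a single-use nonce. The client id, group names and the in-memory storage are assumptions; a real server would persist the registry and protect the stored secrets.

```python
import hashlib
import hmac
import secrets


class ClientAuthError(Exception):
    """Raised when a client must not be granted access."""


def client_response(secret: bytes, client_id: str, nonce: bytes) -> bytes:
    """Client side of the challenge/response: HMAC-SHA256 over the nonce, bound
    to the client id. The auto-generated secret never leaves the client."""
    return hmac.new(secret, client_id.encode() + b"\0" + nonce, hashlib.sha256).digest()


class ClientRegistry:
    """Server-side registry of NWU clients (hypothetical; added example).

    Every new client gets an auto-generated secret and lands in the 'pending'
    group; only an explicit sysadmin approve() moves it out of 'pending'.
    """

    def __init__(self):
        self._clients = {}     # client_id -> {"secret": bytes, "group": str}
        self._challenges = {}  # client_id -> outstanding nonce (single use)

    def register(self, client_id: str) -> bytes:
        """First contact. Returns the secret exactly once, for the client to store."""
        if client_id in self._clients:
            raise ClientAuthError(f"{client_id} is already registered")
        secret = secrets.token_bytes(32)
        self._clients[client_id] = {"secret": secret, "group": "pending"}
        return secret

    def pending(self) -> list:
        """What the sysadmin reviews before approving anything."""
        return sorted(c for c, r in self._clients.items() if r["group"] == "pending")

    def approve(self, client_id: str, group: str = "clients") -> None:
        """Sysadmin action: the only way out of the 'pending' group."""
        rec = self._clients.get(client_id)
        if rec is None or rec["group"] != "pending":
            raise ClientAuthError(f"{client_id} is not pending approval")
        rec["group"] = group

    def challenge(self, client_id: str) -> bytes:
        """Issue a fresh nonce; a new challenge replaces any outstanding one."""
        if client_id not in self._clients:
            raise ClientAuthError(f"unknown client {client_id}")
        nonce = secrets.token_bytes(16)
        self._challenges[client_id] = nonce
        return nonce

    def verify(self, client_id: str, response: bytes) -> str:
        """Check the response. The nonce is consumed whether or not it verifies,
        so a captured response cannot be replayed. Returns the client's group."""
        nonce = self._challenges.pop(client_id, None)
        rec = self._clients.get(client_id)
        if nonce is None or rec is None:
            raise ClientAuthError(f"no outstanding challenge for {client_id}")
        expected = client_response(rec["secret"], client_id, nonce)
        if not hmac.compare_digest(expected, response):
            raise ClientAuthError(f"bad response from {client_id}")
        if rec["group"] == "pending":
            raise ClientAuthError(f"{client_id} is still awaiting sysadmin approval")
        return rec["group"]


def demo() -> tuple:
    """Walk one client through the life cycle; each step's outcome is returned."""
    reg = ClientRegistry()
    cid = "host1.example.org"
    secret = reg.register(cid)

    # 1. Correct secret, but still pending: refused.
    try:
        reg.verify(cid, client_response(secret, cid, reg.challenge(cid)))
        before = "accepted"
    except ClientAuthError:
        before = "refused"

    reviewed = reg.pending()  # sysadmin sees ['host1.example.org'] and approves
    reg.approve(cid)

    # 2. Same exchange after approval: accepted, group returned.
    nonce = reg.challenge(cid)
    response = client_response(secret, cid, nonce)
    group = reg.verify(cid, response)

    # 3. Replaying the captured response: refused, the nonce was consumed.
    try:
        reg.verify(cid, response)
        replay = "accepted"
    except ClientAuthError:
        replay = "refused"

    # 4. Wrong secret on a fresh challenge: refused.
    try:
        reg.verify(cid, client_response(b"wrong", cid, reg.challenge(cid)))
        forged = "accepted"
    except ClientAuthError:
        forged = "refused"

    return before, reviewed, group, replay, forged


if __name__ == "__main__":
    print(demo())
```

The HMAC is checked before the group, so an unapproved client still has to know its secret; the pending group is a gate on top of authentication, not a substitute for it.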