Re: myproxy additions

To: Jason Novotny <jdnovotny@lbl.gov>
Subject: Re: myproxy additions
From: Jim Basney <jbasney@ncsa.uiuc.edu>
Date: Mon, 22 Jul 2002 10:29:08 +0100
Cc: myproxy-users@ncsa.uiuc.edu
Content-type: text/plain; charset="us-ascii"; format=flowed
In-reply-to: <3D35A6E8.5050604@lbl.gov>
Sender: owner-myproxy-users@ncsa.uiuc.edu

Jason,

Yes, we've begun work on supporting multiple credentials per username.  I 
should put up a web page that describes our work in progress.  Basically, 
we added an optional "credential name" field with an associated 
command-line argument for specifying the credential name to myproxy-init 
and myproxy-destroy.  Our current implementation doesn't require that each 
credential be stored under the same password.  I'm not sure what the 
benefit of that is.  Right now we treat each credential as a completely 
separate entity, with its own access policy, password, etc.  One of the use 
cases of multiple credentials is that I may want to delegate a credential 
under one password to one portal without giving away the password to any 
other credentials stored on myproxy.  We also extended the myproxy-info 
command to display information about all credentials for a given 
username.  Does that sound like it will meet your needs?  I expect this new 
functionality to appear in a release in the fall when the grad student 
working on it returns from his summer internship...

-Jim

At 12:18 AM 7/18/2002, Jason Novotny wrote:
>Hi Jim,
>
>    In drafting our portal design document, we came up with a couple items 
> for Myproxy. Our main concern is that Myproxy be able to handle multiple 
> credentials under one username. Currently, we address this limitation in 
> Myproxy by using the portal to store multiple usernames assuming the same 
> password is used for each credential stored.  I can imagine a few simple 
> protocol additions and maybe accompanying myproxy- command line tools.
>    myproxy-add -s hostname -l username. Here a user just provides the 
> same passphrase they used initially and then adds a credential.
>    myproxy-list -s hostname -l username provides a listing of the 
> credentials a user has stored.
>    myproxy-destroy -s hostname -tag id. Some way of deleting a specific 
> credential. Maybe the myproxy-list returns an itemized list, so 
> myproxy-destroy -t 1 would delete the first credential or something like that.
>
>    What do you think? Would your group be interested in implementing 
> this-- otherwise I might begin work on it around the fall time frame if I 
> can find the time ;-)
>
>    Thanks, Jason

References:
- myproxy additions
  - From: Jason Novotny

Prev by Date: myproxy additions
Next by Date: problems installing myproxy
Previous by thread: myproxy additions
Next by thread: problems installing myproxy

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index