Re: [Handle-info] admin question and further security considerations

[Konstantin Rekk <konstantin.rekk@gbv.de>]

Hi Sean,

thanks for explanations, just to be sure that I am getting it right?:

- with HS_ADMIN [create hdl,delete hdl,add val,read val,list] (local
Admin in 0.NA/prefix) I couldn't modify HS_VLIST and couldn't add
further pubkeys (of different persons for example) to enable different
admins with same rights?

- with the above HS_ADMIN permission  settings I couldn't add an admin
(group) with restricted settings for example: [create hdl,read val,list]

- all prefix/xxx handles I could only create using the one local
HS_ADMIN from 0.NA/prefix

- a HS_ADMIN in prefix/ADMIN has no global meaning at all except for
prefix/ADMIN permissions, but of course the PUBKEY has if referenced
form a handle prefix/xxx

- I could use the prefix/ADMIN PUBKEY in HS_ADMIN entry of prefix/xxx,
what will the perm. flags do:
create hdl - not relevant
delete hdl - not relevant
all the value perms - apply to prefix/xxx
all the NA perms - of course dont apply
all  admin perms - apply to prefix/xxx

- summarizing: I couldn't have an na admin group whithout delete rights
(in the above setup of na admin), creating and deleting handles can only
be done by the na admin, the only flexibility I have to grant rights is
on the value level. So there is no way around subprefixes if one wants 
admin granularity on handle level or otherwise one has to plugin an own
rights management within the client/server interface level? 
If so you should state that somewhere clearly on your website. 

I think that my mistake was that I confused the ability to use handle
system to build up a flexible authentication infrastructure with a
flexible authentication infrastructure of the handle system itself.

question: wouldn't it be better to have two different HS_ADMIN types
cause the semantic is quite different for na admins and not na admins?

BTW: I think Jane had set the admin rights according to:
http://www.handle.net/hs_desc_auth.html :
"In order to create an identifier under a given prefix, the owner of the
prefix (the part of the handle before the slash) must give you
permission to create identifiers under that prefix. He can give you
permission to create identifiers by adding your admin handle and the
index for your key value to a list of administrators who have permission
to create identifiers under that prefix."

Can I as the owner  do so with: [create hdl,delete hdl,add val,read
val,list] in 0.NA/prefix ? Otherwise if I get the nessecary rights I
could easily extend my rights as shown in my last email - either I am
missing here some important insight or the whole permission scheme could
be rather questionable.

Thanks!

Konstantin

On Mon, 2008-02-11 at 17:42 +0000, Sean Reilly wrote:
> It depends upon what the permissions are.  Permissions in the prefix/ 
> ADMIN_XXX handle apply only to the prefix/ADMIN_XXX handle itself.   
> Some of those permissions (create-NA/delete-NA/create-hdl) will
> simply  
> be ignored in non-prefix (0.NA/*) handles.
> 
> In 0.NA/prefix most permissions apply only to the 0.NA/prefix handle  
> itself.  Other permissions grant the ability to create handles under  
> that prefix (create-handle), create sub-prefixes (add-NA) or delete  
> the prefix handle itself (delete-NA) 


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info