RE: New authentication scheme for viewing TT data
- Date: Tue, 24 Apr 2001 12:56:07 +0100
many thanks for your thorough reply. I think I understand the
position now; the default will be for clients' results to stay in
the generic account web pages, but they can opt out if they want to
keep their results confidential. That's more or less what I was
looking for when I mailed yesterday, which is great.
I won't be able to attend RIPE 39 next week, but promise to
read any online proceedings of the TT WG. I hope you have a
successful and enjoyable meeting.
> -----Original Message-----
> From: Rene Wilhelm 
> Sent: Tuesday, April 24, 2001 12:27 PM
> To: mike.norris@localhost
> Cc: tt-host@localhost tt-wg@localhost
> Subject: Re: New authentication scheme for viewing TT data
> > When we sought clarification, this is what Mark Santcroos wrote:
> >"Not all testbox hosts want to expose the quality of their
> network to the
> > public, therefor (by default) you will only be able to view
> the traffic
> > that is related to your testbox.
> > That means that the generic user/passwd combination to view
> all data will
> > eventually disappear."
> > As I say, I understand the need for the change, but wonder could its
> > effects, particularly that of Mark's last sentence above,
> be mitigated.
> I am sorry for the confusion created by our e-mails, but as both
> Henk and I are attending the PAM2001 conference, Mark answered to
> to provide you with a timely reply. (and I overlooked his message
> when processing my e-mail last night)
> Let me stress again that the guiding principles behind the new
> authentication scheme are still those outlined by Henk in his messages
> to tt-wg:
> On Wed, 15 Nov 2000, Henk Uijterwaal (RIPE-NCC) wrote:
> > > I suggest to do 2 things.
> > >
> > > The plots section of the TTM pages will be split into 3
> > >
> > > A) A general section, explaining what is show in the
> plots and other
> > > documentation, but no real data. This section will
> not be password
> > > protected.
> > >
> > > B) A test-box-host section, containing all data that is currently
> > > available. This section will be password protected
> with a password
> > > that is made available to the TB-hosts, but may not be
> passed on.
> > >
> > > C) N sections for the customers of a specific site,
> containing only
> > > plots from and to a certain test-box. This is a subset
> of (B). The
> > > TB-hosts can ask for a reasonable number of password/username
> > > combinations for their customers.
> > >
> > > Before a customer gets the password for (C), he will be
> asked to sign a
> > > data-disclosure agreement.
> > (D) In the meantime, another site asked for the opposite case: they
> > don't mind people seeing plots from their site to the
> rest of the
> > world, but also like to install a few test boxes to
> measure on their
> > own networks only and NOT publish those results.
> i.e. the generic account would continue to exist and provide access to
> all plots _except_ those which fall in case D mentioned
> above. For example
> if we were to deny the generic account access to tt01 and tt02 others
> would not be able to see the results for the NCC's internal
> tt01 <-> tt02, but the measurements involving the other
> testboxes would be
> visible from the respective sender/receiver's area.
> However, as the new authentication mechanism is very flexible and more
> organisations have joined TTM, it's a good idea to revisit
> the issue on
> the tt-wg mailing list and also in the tt-wg session at next week's
> RIPE meeting.
> -- Rene
> Rene Wilhelm RIPE Network Coordination Centre
> Email: wilhelm@localhost Test Traffic Measurements
> Phone: +31 20 535 4417 Amsterdam, the Netherlands
> Fax: +31 20 535 4445