Re: [Plastic-devs] Small plastic items
Brought to you by:
johndavidtaylor,
thomasboch
Menu
▾
▴
Re: [Plastic-devs] Small plastic items
|
From: Mark T. <m.b...@br...> - 2006-09-14 18:28:28
|
On Thu, 14 Sep 2006, Alasdair Allan wrote: > > Mark Taylor wrote: > > Longer term, I'd like to see hub implementations supporting a > > message or messages which is/are sent (to anyone who's asked) > > logging all traffic. This would be able to provide more > > information, including who messages have been sent to and what the > > responses were. > > Of course at this point we wander into the wonderful world of > authentication and security. If I direct a message to a specific > application via the hub, rather than a broadcast message to all > applications supporting that message, should the hub be permitted to > pass the existence of that message on to a 3rd party logging > application? That is a good point. Maybe the best thing to do there is to arrange that by default the hub will not publicise potentially private message content, but that it can be configured to do so (for debugging purposes etc). If you're being paranoid you shouldn't send sensitive content in the first place, since there's nothing in PLASTIC which says that the hub is not allowed to do this, and precedent in V0.4 for it doing so. There are various other security issues, some of which I can think of fixes for (e.g. see sec. 6 of http://wiki.eurovotech.org/twiki/bin/view/VOTech/PlasticRemould ), but I doubt we're ever going to be in a position to introduce an ivo://votech.org/pay(String creditCardNum, int pin, float amount) message. Mark -- Mark Taylor Astronomical Programmer Physics, Bristol University, UK m.b...@br... +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/ |
