From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
To: 9fans@cse.psu.edu
Subject: Re: [9fans] an idea
From: rog@vitanuova.com
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Tue, 27 Apr 2004 00:26:30 +0100
Topicbox-Message-UUID: 6f385f64-eacd-11e9-9e20-41e7f4b1d025

> [Tauth/Rauth is] useful for only the reason it was introduced: to take
> the authentication out of the protocol proper for those file servers
> (/sys/src/fs) that don't do authentication otherwise.

i think that's a bit strong.

if i am connecting to a service through a mutually trusted third party
(a CPU server, for example) then might this kind of authentication not
be useful? from the service's point of view, only the third party has
the capability to mix up users. from my point of view, only the third
party can act illegitimately on my behalf. since we both trust the
third party, surely there's no problem?

as an example, consider the inferno demo grid (*). it's providing a
range of services through a single Styx connection. with the current
scheme, all services have to be part of the same user domain. however
the "spree" games service allows a different set of users. using
Tauth/Rauth, that service could authenticate a remote user
appropriately through the same connection, rather than needing to
listen on a separate tcp port as currently.

i'm probably missing something, but that sounds reasonable (and useful)
to me.

* http://www.vitanuova.com/solutions/grid/demogrid.html, for those
  interested.
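
An added example, not part of the original message and not Inferno or Plan 9 code: a sketch of the per-service authentication the message proposes, with one connection accepting 9P2000 Tauth requests for two service trees that have different user sets. The assumptions are that each service is selected by its aname, that the domain names and users in `DOMAINS` are constructed, and that the authentication conversation that would follow on the afid is left out.

```python
import struct

TAUTH, RAUTH, RERROR = 102, 103, 107   # 9P2000 message types
QTAUTH = 0x08                          # qid type of an authentication file

def pstr(s):                            # 9P string: 2-byte length + UTF-8
    b = s.encode()
    return struct.pack("<H", len(b)) + b

def gstr(buf, off):                     # read a 9P string, return (text, next offset)
    (n,) = struct.unpack_from("<H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def frame(mtype, tag, body):            # size[4] type[1] tag[2] body
    return struct.pack("<IBH", 7 + len(body), mtype, tag) + body

def tauth(tag, afid, uname, aname):     # size[4] Tauth tag[2] afid[4] uname[s] aname[s]
    return frame(TAUTH, tag, struct.pack("<I", afid) + pstr(uname) + pstr(aname))

# Constructed user domains, one per service tree (aname); names are hypothetical.
DOMAINS = {"grid": {"alice"}, "spree": {"alice", "guest7"}}

class Conn:
    """Server side of one connection; remembers what each afid was opened for."""
    def __init__(self):
        self.afids = {}

    def handle(self, msg):
        size, mtype, tag = struct.unpack_from("<IBH", msg)
        if size != len(msg) or mtype != TAUTH:
            return frame(RERROR, tag, pstr("bad message"))
        (afid,) = struct.unpack_from("<I", msg, 7)
        uname, off = gstr(msg, 11)
        aname, off = gstr(msg, off)
        if afid in self.afids:
            return frame(RERROR, tag, pstr("afid in use"))
        # Assumption: the user domain is chosen by the tree being attached to.
        if uname not in DOMAINS.get(aname, ()):
            return frame(RERROR, tag, pstr("unknown user for " + aname))
        self.afids[afid] = (uname, aname)   # a later Tattach must match this pair
        qid = struct.pack("<BIQ", QTAUTH, 0, afid)   # aqid[13]: type, vers, path
        return frame(RAUTH, tag, qid)

def reply_type(msg):                    # type byte follows the 4-byte size
    return msg[4]
```

Rauth only hands back the auth file's qid; the user is not authenticated until the authentication protocol has been run over that afid and the afid is then presented in Tattach with the same uname and aname.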