[Fiware-wpa] Rationale under the organization of the IP authorised to access the testbed

Miguel Carrillo mcp at tid.es
Wed Aug 22 15:31:18 CEST 2012

Previous message: [Fiware-wpa] Deprecated wiki pages
Next message: [Fiware-wpa] IP for FI-WARE GE testing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear all,

You will remember that one of the APs from last Follow-up confcall was to find out why we had a company wide list of IPs and then one extra list per enabler. I asked Thorsten Sandfuchs, who originally  organized the IP collection methodology and his answer gives a straight explanation that sounds rather reasonable:


"Administrative access includes in general other ports and IP ranges, than pure "user" access.
E.g. I access a server for administration via ssh and port 22 from different IP, than using the company wide proxy and http-protocol.

Two lists additionally increase security in theory it is possible to allow only GE providers and their particular IP to access the administration part of their GEs - administration purpose. For larger companies the administration access might even differ for the different chapters/colleagues involved.
The IP list on the operations-page on the other hand would allow for user access only and allows company wide access to the complete testbed and all of the GEs.

It should be easy enough for a GE provider to only supply his particular IP on the GE page and for a company-coordinator to specify only once one IP for the complete company (on the operations page). Alternative would be to gather all of the IPs from the GE-pages and thus increasing administration and inconsistencies, as there are multiple GEs and multiple IP addresses. Having two lists actually ease up the administrative overhead in the end."

Hope this clarifies.

Best regards,

Miguel

--
----------------------------------------------------------------------
     _/          _/_/                     Miguel Carrillo Pacheco
    _/   _/     _/  _/   Telefónica       Distrito Telefónica
   _/ _/_/_/   _/   _/   Investigación y  Edifico Oeste 1, Planta 9
  _/   _/     _/  _/     Desarrollo       Ronda de la Comunicación S/N
 _/          _/_/                         28050 Madrid (Spain)
                                          Tel:  (+34) 91 483 26 77

                                          e-mail: mcp at tid.es<mailto:mcp at tid.es>

Follow FI-WARE on the net

        Website:  http://www.fi-ware.eu
        Facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
        Twitter:  http://twitter.com/Fiware
        LinkedIn: http://www.linkedin.com/groups/FIWARE-4239932
----------------------------------------------------------------------

________________________________

Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-wpa/attachments/20120822/ba6277ea/attachment.html>

Previous message: [Fiware-wpa] Deprecated wiki pages
Next message: [Fiware-wpa] IP for FI-WARE GE testing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Fiware-wpa mailing list

You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy