Kerberos authentication. Easier than pubkeys, and more secure. Fahad Sadah
2009/7/29 John at Darkstar vacuum@jeb.no
Perhaps there could be some kind of central management of some kind.
One thing is distribution of the open databases. It should not be necessary to set up replication for each and every toolserver.
Some kind of central authentication so access can be federated perhaps, yet authorization should be enforced locally.
But then perhaps we could use the same facility if the internal access rules on the various servers could be more stringent, that is a Norwegian server is for Norwegian use only - even if its located in the cluster. More like a webhotel with server hosting for chapters. Now, make it even more general and say virtual servers for the chapters own use and make them off-limit for other bot operators.
Still, note that such a server, virtual or not, has to be under complete control of the individual chapter. Even sharing backup tapes could be troublesome.
I would suggest though that we should set up some means of exchanging
info
between the different projects of that kind - to my knowledge, there'S
the boxes
in poland, now in norway, and wmde's toolserver. Do you know of more?
What would
be a good way to communicate? Yet another mailing list?
I don't think another mailing list is necessary. If a toolserver-box is used for something else that need higher confidentiality then it should go on a local chapter list or something similar.
-- daniel
John
Toolserver-l mailing list Toolserver-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/toolserver-l