Using Twisted Cred

I'm trying to move to using Twisted Cred and bring the perspective into perspective broker for Nessie. It's turning out to be a rather large refactoring. Because of that, I created a tag to the pre-cred code.

Originally, information was shared in both directions through a single root peer object. Now, with the advent of avatars and perspectives, it's looking like information should really only flow in one direction. That is, from the authenticator to the authenticated. Or in other words, information should only flow from the server to the client. For the server to get information from the client, it needs to authenticate with the client. Thus, the server becomes a client and the client a server. (Sorry, I couldn't resist making that sound more complicated than it really is.)

I think this will probably make things more secure. However, I think it's also likely that, in many cases, the server will not want to share information with an authenticated client unless the client also authenticates the server. Basically, share and share alike. That complicates things some what and I think I'm going to overlook it initially in the hopes that a simple solution presents itself (I believe this is likely to happen).

This structure defines the flow of data better than the pre-cred code did and should simplify peer updates and routing. Although the code will change quite a bit, I think it's for the best. I plan to check something in tomorrow, although, I will be hesitant to check in without at least having the Alice and Bob network test passing.

No comments:

Post a Comment