[Twisted-Python] PB URLs (was: Five Crazy Ideas to Start Your Week)

[Brian Warner]

> > 	"Talk to subprocess that runs this command to connect to the other end"
> > 	("ssh remotehost pbserver", "ssh remotehost
> > 	connect-stdinout-to-unix-socket /path/socket")
> 
> I don't quite get what you're talking about here.  You want the URLs to be
> shell command-lines? :)

For what it's worth, the TRAMP emacs mode (a steroid-pumped descendent of
ange-ftp) offers something like this in its 'multi' specification (a stack of
access schemes to get to a file, like 1: telnet to a gateway machine, 2: ssh
from there to remote machine foo, 3: su to root, 4: access file). The syntax
is pretty painful, though, and you have to define the shell commands in
separate variables (indexed by keywords in the pathname).

> > 	I think you may want to look at SASL for ideas on
> > 	authentication. It seems to be the standard way to add generic
> > 	authentication support to a protocol these days.
> 
> From what I can tell, it wouldn't work at all for PB.  From the RFC:

True, SASL is one-encrypt/authenticate per TCP connection. It might make
sense to use it to protect the host-to-host link, and then let PB
authenticate users itself. I don't think it's sufficient to just use
encryption (and not authentication) on the wire.. you need the SASL
authentication layer to prevent a man-in-the-middle attack. Think of ssh's
host key here.

> Sometimes the URLs themselves will be secret and the authentication
> information will be a swiss number or something. E does everything through
> exchange of URLs, and it's pretty secure.

What's the E you refer to here?

> > 	Hmm. Idea. Allow one to specify when the server is trusted.  "Connect
> > 	to server X if its public key has fingerprint F."  http://www.fs.net/
> 
> Any proposals for how to implement that?

I looked at fs.net but wasn't able to follow most of it. The basic idea
seemed to be a URL that had both the DNS name of the server and a hash of the
server's public key. It's kind of like one of the IPv6 proposals to separate
addressing from routing: the name says how to get there, the fingerprint
tells you (after the fact) that you've reached the right spot. Makes the URLs
awfully big, though.

> Not "*the* service", but "a service".  In HTTP, you authenticate with the
> server, because some URLs may be in managed "realms".
> 
> In PB, some objects may require authentication to access. This means that
> you might have to authenticate multiple times in the same URL. I know that
> my suggestion for URLs violates the accepted "standard" in some ways, but
> that's because PB doesn't consider "server" to be a useful level of
> abstraction. Everything is about objects.

Right, so users ought to be scoped to a service? or perhaps an object
provided by a service. One potential problem: the current implementation
sends the username first, and expects to respond to a password challenge
second. Service and perspective come only after user/pass have been
validated. If user objects (Identities) are supposed to be children of the
service, the login process will probably have to change to accept a service
name first.

 -Brian