X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Fauth%2Fscheme.txt;fp=src%2Fceph%2Fsrc%2Fauth%2Fscheme.txt;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=0df00addc3da5fbc8670b890c4fd206e7bd9be51;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git
diff --git a/src/ceph/src/auth/scheme.txt b/src/ceph/src/auth/scheme.txt
deleted file mode 100644
index 0df00ad..0000000
--- a/src/ceph/src/auth/scheme.txt
+++ /dev/null
@@ -1,87 +0,0 @@
-
-client_name = foo (mon has some corresponding shared secret)
-client_addr = ip address, port, pid
-
-
-monitor has:
-
-client_auth {
- client_name;
- client capabilities;
- client secret;
-};
-map users;
-
-struct secret {
- bufferlist secret;
- utime_t created;
-};
-map entity_secrets;
-
-struct service_secret_set {
- secret[3];
-};
-map svc_secrets;
-
-/*
-svcsecret will be a rotating key. we regenerate every time T, and keep
-keys for 3*T. client always get the second-newest key. all 3 are
-considered valid. clients and services renew/reverify key at least one
-every time T.
-*/
-
-
-client_ticket {
- client_addr;
- map client_capabilities;
-};
-
-
-
-authenticate principle:
-
-C->M : client_name, client_addr. authenticate me.
- ...monitor does lookup in database...
-M->C : A= {client/mon session key, validity}^clientsecret
- B= {client ticket, validity, client/mon session key}^monsecret
-
-
-authorize principle to do something on monitor:
-
-C->M : B, {client_addr, timestamp}^client/mon session key. do foo (assign id)
-M->C : result. and {timestamp+1}^client/mon session key
-
-
-authorize for service:
-
-C->M : B, {client_addr, timestamp}^client/mon session key. authorize me!
-M->C : E= {svc ticket}^svcsecret
- F= {svc session key, validity}^client/mon session key
-
-svc ticket = (client addr, validity, svc session key)
-
-
-on opening session to service:
-
-C->O : E + {client_addr, timestamp}^svc session key
-O->C : {timestamp+1}^svc session key
-
-
-
-
-
-To authenticate:
-
- client -> auth:
- {client_name, client_addr}^client_secret
- auth -> client:
- {session key, validity, nonce}^client_secret
- {client_ticket, session key}^service_secret ... "enc_ticket"
-
-where client_ticket is { client_addr, created, expires, none, capabilities }.
-
-To gain access using our ticket:
-
-
-