-
Notifications
You must be signed in to change notification settings - Fork 175
RFC #3: Proxy creation and upload via a browser
A lot of users are demanding for mechanism of proxy creation and upload through the browser. There are two ways for doing that: local and remote.
Local way of proxy creation is considering an applet written in Java/Flash/Whateverelse with an ability to access local file system and execute openssl commands. The pros of such approach is that we are sending a proxy over the network. The contras are difficulties with maintenance of the applet, any unexpected limitation on the local side during and after the installation and many others concerns.
The remote way is looks like as an export of the user’s credentials as p12 file and upload of the p12 over HTTPS channel to a server. Then the user enters a password and we do the rest including the removal of the p12 from the server side.
The only worry which i see here is that the transfer of p12 credentials over the network is not a common practice. But if we’ll use the HTTPS channel for that it shouldn’t be any differ from standard copying of the private/public keys over SSH. So, basically i don’t see why we can’t implement the second approach and let the users happily work with the web portal without any need for DIRAC local client installation.