XO identity shared via Browse

[Greg Smith]

Hi Luke,

If you're interested in Sugar on XO, I believe that Tomeu et al want you 
on devel... Anyway I'll try to copy you on this thread.

It would be useful to have a generic solution which works with many 
types of server software and many network configurations.

However, this is where I need to separate "must have" from "nice to have".

We must allow the XS to know which XO it is talking to when there is an 
XS and XO on the same protected network (AKA XS doing NAT and acting as 
gateway to Internet).

I can't wait for the "nice to have" piece if there is no agreement on 
technical implementation. I want the "must have" piece by March, no 
matter what.

I'll take both too but I wont settle for none of the above :-)

Thanks,

Greg S

Luke Faraone wrote:
> On Thu, Dec 4, 2008 at 19:17, Greg Smith <gregsmitholpc at gmail.com> wrote:
> 
>> I'm copying in Devel and will drop the sugar list on further replies
>> (hope that's the right netiquette in this case...).
> 
> (note: I'm not on devel, so please keep me CC'd)
> 
> 
>>  > security)   who are the principals?
>>  >   what are their goals?
>>  >   what attacks concern us?
>>
>> GS - In general I don't want any other devices to be able to appear to
>> be the XO. We can assume that the XS <-> XO is a secure network not
>> visible to the outside workd (whether that is true in practice is
>> another story). So I moved the encryption and stringent security
>> requirements to the optional case where the XO is talking to a non-XS
>> server.
>>
> 
> I'd rather not make that assumption. Some schools may not have a _local_
> school server (even dispite our best wishes) or a student may want to access
> the server from a non-local connection. The XS, IMHO, should support the
> "road warrior" use case (at least for post-registration)
> 
> 
> -lf
>