oatslite: a small theft deterrence protocol implementation
Martin Langhoff
martin.langhoff at gmail.com
Wed May 27 13:09:39 EDT 2009
On Wed, May 27, 2009 at 5:50 PM, Daniel Drake <dsd at laptop.org> wrote:
> It's called oatslite, written in Python, and can be found here:
> http://dev.laptop.org/git/users/dsd/oatslite
And in related news, I've taken Daniel's code, and I'm in the middle
of remixing it wildly into a similar but different OAT server. It's
part of the xs-activation package, and it'll hopefully ship with 0.6 /
0.7...
Main differences between oatslite (OL) and xs-activation (XA)
- OL is complete and original, XA is neither :-)
- OL works with pre-cooked leases created with the master key, so it
is appropriate for deployments where you can push leases out to each
XS and where you are comfortable putting the master OATC key in each
XS. XA works with pre-cooked leases or dynamically generated delegated
leases -- XA is designed for the local XS to have a "delegation" from
the master key for each laptop (there are tools in bios-crypto to
generate the delegations).
- OL never says "stolen" :-) -- XA checks on a local database table
(controlled by Moodle) and can say "you're stolen"
- OL is http-only, so the port 191 component is fulfilled by the old
xs-activation package. XA has a rewrite of the port 191 server to use
the same code, so it can serve delegated leases and 'STOLEN' tokens.
- OL is based on a python-based http server, XA is a mod_python
handler that will eat less resident RAM (theory to be validated ;-) )
and coexist with other webapps on the XS.
- OL is very configurable via a config file. XA is mostly hardcoded,
limited options controlled from Moodle.
Given a bit more time I'd have tried to keep more of OL in XA.
Hopefully we'll be able to converge once the dust settles a bit.
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff