Proposal for the connected redfish client info
Patrick Williams
patrick at stwcx.xyz
Fri Mar 27 01:01:33 AEDT 2020
On Thu, Mar 26, 2020 at 01:54:05PM +0530, Ratan Gupta wrote:
> >> This confuses me, how are you getting the serial number for a
> >> connected client? If so, have you looked into data protection laws
> >> and storing Personally Identifiable Information?
> >
> > Client have to give this info, it could be anything like hostname of
> > the client, serial number of the machine etc, it is up to the client
> > what they want to provide as part of client identifier.
> >
> > Why it is needed?
> >
> > Consider the below use case
> >
> > => Client(x.x.x.x) creates the session with BMC
> >
> > => BMC stores this IP(x.x.x.x)
> >
> > => Now say Client IP(x.x.x.x) got change to y.y.y.y but the session is
> > still valid.
> >
> > => Stored IP(x.x.x.x) will not be much usable here in this scenario
> >
> > => Here Client Identifier may be usable to identify the connected client.
> >
> > Let me know your thoughts here.
IP addresses are a terrible way of attempting to identify a client
anyhow. Aren't there hundreds of implementations of authentication
tokens used in web technologies? Why are we attempting to invent
something new?
It seems like much of the internet world has coalesced around JWT.
https://tools.ietf.org/html/rfc7519
--
Patrick Williams
More information about the openbmc
mailing list