[BXXPwg] User Specific profile advertisement?

Marshall T. Rose mrose+mtr.netnews@dbc.mtview.ca.us
Tue, 2 Jan 2001 13:56:11 -0800


> I would like to be able to advertise different lists of available profiles
> based on the identity of the users who connect to my server. How do I do
> this?

hi. the short answer is that you can do this, but it isn't easy.

you already stated the sub-optimal solution: if you use a transport security
profile to authenticate then when the underlying transport security
negotiation completes, all cached information is discarded and a new
greeting is generated. you could make this greeting authenticator-specific
if you wanted.

an alternative approach is to offer BEEP on multiple TCP ports, and have
different profiles available on each port. you could then use the DNS to do
the selection for you. for example, i don't think that it's unreasonable to
think that 6 months from now, a given server might be offering APEX edge
service on one port, the APEX relay service on another, the syslog service
on a third, etc. in each case, the initiating peer uses SRV records to
figure out the port to connect to.

from a philosophical perspective, services decide which users get to do
what; it's easy to see a useful system based on "i want to do this specific
class of transactions, and i authenticate as mrose"; it's a lot harder to
imagine a useful system based on "i authenticate as mrose, so what classes
of transactions am i allowed"?

/mtr
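
The first approach in the reply above (a new, authenticator-specific greeting after the transport security negotiation completes), sketched as an added example that is not part of the original message. The profile URIs, the `POLICY` table and the `Session` class are constructed for illustration. The sketch also re-checks the profile list when a channel start is requested, since a greeting only advertises profiles.

```python
# Added illustration: models a BEEP listener's greeting before and after a
# transport-security tuning reset. All names, URIs and the policy table
# are constructed for this example.
from xml.sax.saxutils import quoteattr

TLS_PROFILE = "http://example.org/profiles/TLS"   # placeholder URI
POLICY = {                                        # constructed per-user policy
    "mrose": ["http://example.org/profiles/APEX-relay",
              "http://example.org/profiles/syslog"],
    "guest": ["http://example.org/profiles/syslog"],
}

def greeting(profiles):
    """Serialize a BEEP greeting advertising the given profile URIs."""
    if not profiles:
        return "<greeting />"
    body = "".join(f"<profile uri={quoteattr(u)} />" for u in profiles)
    return f"<greeting>{body}</greeting>"

class Session:
    def __init__(self):
        self.identity = None              # nothing authenticated yet
        self.advertised = [TLS_PROFILE]   # pre-auth: only the tuning profile

    def current_greeting(self):
        return greeting(self.advertised)

    def tuning_reset(self, identity):
        """Transport security finished: discard cached state, greet again."""
        self.identity = identity
        # Unknown identities get an empty list (default deny).
        self.advertised = list(POLICY.get(identity, []))
        return self.current_greeting()

    def start_channel(self, requested):
        """Accept the first requested profile this peer may use, else refuse.

        The greeting is only an advertisement, so the same list is
        enforced again when a start request arrives.
        """
        for uri in requested:
            if uri in self.advertised:
                return ("ok", uri)
        return ("error", 550)   # BEEP reply code: requested action not taken
```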