
manifest: Commit

A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.


Commit MetaInfo

Revision: afedfd4d84730ea40d918725f1baf871ee88eaff (tree)
Time: 2021-10-13 03:22:22
Author: S. Seago <sseago-dev@proj...>
Committer: S. Seago

Log Message

Add info about multifactor built into init process

Change Summary

Modification

diff -r d7b19f9c6a2e -r afedfd4d8473 README.adoc
--- a/README.adoc Tue Oct 12 13:20:29 2021 -0500
+++ b/README.adoc Tue Oct 12 13:22:22 2021 -0500
@@ -29,4 +29,5 @@
2929 === How Does This Work?
3030 There are other options if the deploying person is not part of a company with a Project Celadon (Corp) support contract, but we'll assume a support contract is in place and is current.
3131
32-The diviner server is deployed with an LCD. Upon powering up the server, it will wait for a secured (via internal certificate) Internet connection. Once the connection is estables, an Aztec code barcode will display on the LCD. The technician (or anyone) can scan the code and they will get back an 8-digit One Time Password (OTP), generated from the ObjectID of the manifest record, with instruction about what to do next with the LCD. Following the instructions, the OTP is entered. The public IP and OTP are transmitted via SSL, and the manifest server is forwarded the IP address. If the IP address does not match, the server reboots and the process starts all over again. If the IP address is correct, the record is made available for consumption by that IP and the server is redirected to manifest URL for download. Additional measures are being considered to twart man-in-the-middle attacks.
\ No newline at end of file
32+The diviner server is deployed with an LCD. Upon powering up the server, it will wait for a secured (via internal certificate) Internet connection. Once the connection is estables, an Aztec code barcode will display on the LCD. The technician (or anyone) can scan the code and they will get back an 8-digit One Time Password (OTP), generated from the ObjectID of the manifest record, with instruction about what to do next with the LCD. Following the instructions, the OTP is entered. The public IP and OTP are transmitted via SSL, and the manifest server is forwarded the IP address. If the IP address does not match, the server reboots and the process starts all over again. If the IP address is correct, the record is made available for consumption by that IP and the server is redirected to manifest URL for download. Additional measures are being considered to twart man-in-the-middle attacks.
33+The barcode itself contains the ObjectID of the manifest record that has been prepared for that site. In this way, the device becomes the "something you have" part of the authentication chain.
\ No newline at end of file
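Review bot: The new line 33 calls the device the "something you have" factor, but the README as written undercuts that claim. The barcode is shown on the LCD to "the technician (or anyone)" and carries the ObjectID, and line 32 says the OTP is "generated from the ObjectID of the manifest record", so the text reads as if both the possession factor and the OTP derive from one value that anyone in front of the screen can capture. Please state what else feeds the OTP (for example a server-side secret, a counter or an expiry) and what ties the ObjectID to this particular device, or soften the claim. While line 32 is being rewritten anyway, fix "estables" (established) and "twart" (thwart), and end the file with a newline so the next edit does not have to re-add the last line.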