[HN Gopher] HIBA: Host Identity Based Authorization
       ___________________________________________________________________
        
       HIBA: Host Identity Based Authorization
        
       Author : fractalb
       Score  : 62 points
       Date   : 2021-09-24 04:54 UTC (1 days ago)
        
        
       | netman21 wrote:
       | Or you could just implement Host Identity Protocol
       | https://en.wikipedia.org/wiki/Host_Identity_Protocol
        
         | stanleydrew wrote:
         | I don't see how HIP helps with authorization?
        
       | staticassertion wrote:
       | Seems like an open way to get what AWS SSM authnz provides.
        
       | jhauris wrote:
       | This is definitely interesting. I'd be interested in a functional
       | comparison with ssh using Kerberos. Is the difference that each
       | host can be totally independent? Does this project require a
       | separate certificate management system? Perhaps you could use IPA
       | or similar for your everyday machines, and HIBA for rarely
       | accessed computers that you don't want in your domain.
        
         | [deleted]
        
       | mitjam wrote:
       | This reminds me of a 2016 blog post titled "Scalable and Secure
       | Access with SSH" [1] on the Facebook engineering blog which does
       | this with standard SSH tooling. I think the benefit of HIBA is
       | more granularity in terms of authorization per system via Grants
       | attached to certs as compared to authorized principal files on
       | the hosts. Grants are centrally managed and can be given on a
       | case-by-case basis, and revoked individually, for example.
       | 
       | [1]: https://engineering.fb.com/2016/09/12/security/scalable-and-...
        
       | andrewshadura wrote:
       | In many Slavic languages (and also in Hungarian) hiba/chiba/chyba
       | means mistake :)
        
         | rad_gruchalski wrote:
         | In Polish it means roughly "surely", alternatively "I guess".
        
           | mirekrusin wrote:
           | ...or "maybe".
        
           | andrewshadura wrote:
           | In modern Polish. The meaning derives from the old Polish
           | word meaning mistake too :)
        
         | nomoreideas wrote:
         | In Hebrew it means affection (written חיבה)
        
           | meitham wrote:
           | In Arabic it's gift, هبة
        
         | tsimionescu wrote:
         | In Romanian, probably through Slavic origins, it means
         | specifically 'the flaw'.
        
         | coolspot wrote:
         | In Russian it means...
         | 
         | ... it doesn't mean anything.
        
       ___________________________________________________________________
       (page generated 2021-09-25 23:01 UTC)