Sun Management Center Change Manager 1.0 Administration Guide

Secure File Transfers

The file import function is performed by using HTTP and traditional file system mechanisms. The file export function is performed by using traditional file system mechanisms. Using secure HTTP to perform file transfers is not planned at this time.

Identity

File system-based import and export functions use the user's UNIX identity. File imports that use HTTP are anonymous.

Authentication

No additional authentication is performed, because the user's UNIX identity is already authenticated. Note that file system mechanisms include NFS, and NFS authentication is notoriously weak.

Authorization

File system access is performed by using the user's UNIX identity and by applying traditional file system access controls. HTTP access does not provide for authorization.

Confidentiality

Local file system access is confidential. NFS access is likely to be exposed. HTTP access will be exposed.

Integrity

Local file system access is considered trustworthy. NFS access is likely to be vulnerable to productive corruption. HTTP access is likely to be vulnerable to productive corruption.
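Because files that arrive over NFS or HTTP can be altered in transit, one compensating check is to verify each file before it is imported. The following is an added example, not part of this guide or of Change Manager: it assumes a SHA-256 digest was recorded on the source host and delivered over a separate trusted channel, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import stat
import tempfile

def sha256_file(path, chunk_size=65536):
    """Stream the file through SHA-256 so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_before_import(path, expected_sha256, expected_uid=None):
    """Return a list of problems; an empty list means the file may be imported."""
    problems = []
    info = os.lstat(path)  # lstat: do not follow a symlink placed on a shared mount
    if not stat.S_ISREG(info.st_mode):
        return ["not a regular file"]
    if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or other")
    if expected_uid is not None and info.st_uid != expected_uid:
        problems.append("unexpected owner uid %d" % info.st_uid)
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        problems.append("SHA-256 mismatch")
    return problems

def demo():
    """Constructed sample: a file altered after its digest was recorded."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"constructed archive contents\n")
        os.close(fd)
        os.chmod(path, 0o600)
        recorded = sha256_file(path)  # stands in for the out-of-band digest
        before = check_before_import(path, recorded, os.getuid())
        with open(path, "ab") as fh:  # simulate corruption in transit
            fh.write(b"extra bytes")
        after = check_before_import(path, recorded, os.getuid())
        return before, after
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

The ownership and mode checks only supplement the digest: on NFS the reported owner is itself subject to the weak authentication noted above, so the digest comparison is the check that carries the integrity guarantee.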

Availability

Flood attacks and corruption attacks might disrupt service.

Accountability

User-level actions are logged by Change Manager. For local and NFS access, little or no logging is performed, although file ownership and timestamps provide some accountability. HTTP access provides very limited logging.