Fri Aug 22 16:58:28 CEST 2008

the local webserver

I'm trying to figure out a security model for non-admins on the
network.  Currently, I'm the only admin with full access.  My root
passphrase gives access to all the functionality, and is only
committed to my memory.  SSH is used for everything here.  Per user
security is implemented in the same way.

Below that, there is everything accessible to PHYSICAL users: local
net + VPN nodes (where the physical machine is authenticated, not the
user).  This includes a read-only data store.

Wifi is seen as an outside connection, and provides only logged
internet access, and access to public services, no local net.

What I'm trying to figure out now is what SERVICES are accessible to
the physical users without authentication.

Ok. Let's use http://pub.i/ urls to be redirected to the local service
provider on a port that's DIFFERENT from the public http port, so port
based security is available.  This can then implement standard

The following apps are defined:
  * music   expose the local music collection
  * video                    video
  * install                  application archive