Add changes for 836f4cc

MetPX · Sep 27, 2024 · b268abe · b268abe
1 parent 284f469
commit b268abe
Show file tree

Hide file tree

Showing 34 changed files with 182 additions and 37 deletions.
diff --git a/Contribution/Development.html b/Contribution/Development.html
@@ -163,7 +163,7 @@ <h1>MetPX-Sarracenia Developer’s Guide<a class="headerlink" href="#metpx-sarra
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <section id="tools-you-need">

diff --git a/Contribution/Release.html b/Contribution/Release.html
@@ -133,7 +133,7 @@ <h1>Releasing MetPX-Sarracenia<a class="headerlink" href="#releasing-metpx-sarra
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <section id="pre-release-overview">

diff --git a/Contribution/man_page_template.html b/Contribution/man_page_template.html
@@ -122,7 +122,7 @@ <h2>sr_title<a class="headerlink" href="#sr-title" title="Link to this heading">
 <dd class="field-odd"><p>1</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Explanation/DeploymentConsiderations.html b/Explanation/DeploymentConsiderations.html
@@ -75,6 +75,7 @@
 </ul>
 </li>
 <li class="toctree-l3"><a class="reference internal" href="#security-considerations">Security Considerations</a><ul>
+<li class="toctree-l4"><a class="reference internal" href="#architecture">Architecture</a></li>
 <li class="toctree-l4"><a class="reference internal" href="#client">Client</a></li>
 <li class="toctree-l4"><a class="reference internal" href="#server-broker">Server/Broker</a></li>
 <li class="toctree-l4"><a class="reference internal" href="#input-validation">Input Validation</a></li>
@@ -241,6 +242,38 @@ <h3>Switching/Routing<a class="headerlink" href="#switching-routing" title="Link
 <h2>Security Considerations<a class="headerlink" href="#security-considerations" title="Link to this heading"></a></h2>
 <p>This section is meant to provide insight to those who need to perform a security review
 of the application prior to implementation.</p>
+<section id="architecture">
+<h3>Architecture<a class="headerlink" href="#architecture" title="Link to this heading"></a></h3>
+<p>Sarracenia can be a component in many solutions, and can be deployed as a cloud component.
+However, in it’s rawest, simplest form, Sarracenia is not used like cloud services, where
+one service is accessible from anywhere. It is more of a component or toolkit that is
+expected to work with traditional network security zoning. Rather than have one service
+for all, and requiring traffic/firewall exceptions and external security scanning to
+intercept traffic, one deploys pump at each network zone demarcation.</p>
+<p>Data is delivered to the pump at the demarcation point, and then another pump
+forwards data to the next zone. As part of demarcation processing, one can download a
+file, run it through processing, such as malware scanning, and then only announce
+it’s availability to the following pump if it’s ok.</p>
+<p>Each pump has independent authentication, and pump administrators
+and users can define what traffic is made available to users on the other side of
+the demarcation point. Pumps are chained together by copying from one to the next
+to the next, where each one can have different access, purpose, and ownership.</p>
+<p>No formal federation or whole network identity is needed to pass data around
+the network. Instead, each pump establishes authentication for the neigbouring pump.
+If countries operated data pumps, one could imagine a situation like the following:
+The Russians and Americans want to transfer data but do not want to be exposed to each
+others’ servers directly. The Russians could share with Kazakstan, The Kazakhs exchange
+with Korea, and Korea exchanges with Canada. The Americans only need to have
+a good relationship with the Canadians or Koreans. Each link in the chain
+exposing themselves directly only to peers they have an explicit and
+agreed relationship with. Each link in the chain can perform their own
+scanning and processing before accepting the data.</p>
+<a class="reference internal image-reference" href="../_images/sr3_flow_example.svg"><img alt="../_images/sr3_flow_example.svg" class="align-center" src="../_images/sr3_flow_example.svg" style="width: 1122.0px; height: 793.0px;" /></a>
+<p>In this example, you can see that there are the ddsr pumps deployed on internal
+operations zones, and they push or pull from pumps in other zones, such as another
+operations zone, or a public access zone. Pumps are expected to
+mediate traffic travelling between network zones.</p>
+</section>
 <section id="client">
 <h3>Client<a class="headerlink" href="#client" title="Link to this heading"></a></h3>
 <p>All credentials used by the application are stored

diff --git a/Explanation/SarraPluginDev.html b/Explanation/SarraPluginDev.html
@@ -141,7 +141,7 @@ <h3>Revision Record<a class="headerlink" href="#revision-record" title="Link to
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 </section>

diff --git a/How2Guides/source.html b/How2Guides/source.html
@@ -135,7 +135,7 @@ <h3>Revision Record<a class="headerlink" href="#revision-record" title="Link to
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <p>A Sarracenia data pump is a web (or sftp) server with notifications for subscribers

diff --git a/How2Guides/subscriber.html b/How2Guides/subscriber.html
@@ -133,7 +133,7 @@ <h3>Revision Record<a class="headerlink" href="#revision-record" title="Link to
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 </section>

diff --git a/Reference/sr3.1.html b/Reference/sr3.1.html
@@ -120,7 +120,7 @@ <h2>sr3 Sarracenia CLI<a class="headerlink" href="#sr3-sarracenia-cli" title="Li
 <dd class="field-odd"><p>1</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Reference/sr3_cpump.1.html b/Reference/sr3_cpump.1.html
@@ -117,7 +117,7 @@ <h2>sr_shovel in C<a class="headerlink" href="#sr-shovel-in-c" title="Link to th
 <dd class="field-odd"><p>1</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Reference/sr3_credentials.7.html b/Reference/sr3_credentials.7.html
@@ -114,7 +114,7 @@ <h2>SR3 Credential File Format<a class="headerlink" href="#sr3-credential-file-f
 <dd class="field-odd"><p>7</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Reference/sr3_options.7.html b/Reference/sr3_options.7.html
@@ -118,7 +118,7 @@ <h2>SR3 Configuration File Format<a class="headerlink" href="#sr3-configuration-
 <dd class="field-odd"><p>7</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>
@@ -1895,9 +1895,9 @@ <h4>timezone &lt;string&gt; (default: UTC)<a class="headerlink" href="#timezone-
 Examples: Canada/Pacific, Pacific/Nauru, Canada/Eastern, Europe/Paris
 Has no effect other than in when polling an FTP server.</p>
 </section>
-<section id="tlsrigour-default-medium">
-<h4>tlsRigour (default: medium)<a class="headerlink" href="#tlsrigour-default-medium" title="Link to this heading"></a></h4>
-<p>tlsRigour can be set to: <em>lax, medium, or strict</em>, and gives a hint to the
+<section id="tlsrigour-default-normal">
+<h4>tlsRigour (default: normal)<a class="headerlink" href="#tlsrigour-default-normal" title="Link to this heading"></a></h4>
+<p>tlsRigour can be set to: <em>lax, normal, or strict</em>, and gives a hint to the
 application of how to configure TLS connections. TLS, or Transport Level
 Security (used to be called Secure Socket Layer (SSL)) is the wrapping of
 normal TCP sockets in standard encryption. There are many aspects of TLS

diff --git a/Reference/sr3_post.1.html b/Reference/sr3_post.1.html
@@ -118,7 +118,7 @@ <h2>Publish the Availability of Files<a class="headerlink" href="#publish-the-av
 <dd class="field-odd"><p>1</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Reference/sr_post.7.html b/Reference/sr_post.7.html
@@ -123,7 +123,7 @@ <h2>Sarracenia v03 Notification Message Format/Protocol<a class="headerlink" hre
 <dd class="field-odd"><p>7</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>

diff --git a/Tutorials/Install.html b/Tutorials/Install.html
@@ -124,7 +124,7 @@ <h2>Revision Record<a class="headerlink" href="#revision-record" title="Link to
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 </section>

diff --git a/_sources/Explanation/DeploymentConsiderations.rst.txt b/_sources/Explanation/DeploymentConsiderations.rst.txt
@@ -147,6 +147,47 @@ Security Considerations
 This section is meant to provide insight to those who need to perform a security review
 of the application prior to implementation.
 
+
+Architecture
+~~~~~~~~~~~~
+
+Sarracenia can be a component in many solutions, and can be deployed as a cloud component.
+However, in it's rawest, simplest form, Sarracenia is not used like cloud services, where 
+one service is accessible from anywhere. It is more of a component or toolkit that is 
+expected to work with traditional network security zoning. Rather than have one service 
+for all, and requiring traffic/firewall exceptions and external security scanning to 
+intercept traffic, one deploys pump at each network zone demarcation. 
+
+Data is delivered to the pump at the demarcation point, and then another pump
+forwards data to the next zone. As part of demarcation processing, one can download a 
+file, run it through processing, such as malware scanning, and then only announce 
+it's availability to the following pump if it's ok.
+
+Each pump has independent authentication, and pump administrators 
+and users can define what traffic is made available to users on the other side of 
+the demarcation point. Pumps are chained together by copying from one to the next 
+to the next, where each one can have different access, purpose, and ownership.
+
+No formal federation or whole network identity is needed to pass data around 
+the network. Instead, each pump establishes authentication for the neigbouring pump. 
+If countries operated data pumps, one could imagine a situation like the following:
+The Russians and Americans want to transfer data but do not want to be exposed to each
+others' servers directly. The Russians could share with Kazakstan, The Kazakhs exchange
+with Korea, and Korea exchanges with Canada. The Americans only need to have
+a good relationship with the Canadians or Koreans. Each link in the chain 
+exposing themselves directly only to peers they have an explicit and 
+agreed relationship with. Each link in the chain can perform their own
+scanning and processing before accepting the data.
+
+.. image:: Concepts/sr3_flow_example.svg
+    :scale: 100%
+    :align: center
+
+In this example, you can see that there are the ddsr pumps deployed on internal
+operations zones, and they push or pull from pumps in other zones, such as another
+operations zone, or a public access zone. Pumps are expected to 
+mediate traffic travelling between network zones.
+
 Client
 ~~~~~~
 

diff --git a/_sources/Reference/sr3_options.7.rst.txt b/_sources/Reference/sr3_options.7.rst.txt
@@ -2079,10 +2079,10 @@ Examples: Canada/Pacific, Pacific/Nauru, Canada/Eastern, Europe/Paris
 Has no effect other than in when polling an FTP server.
 
 
-tlsRigour (default: medium)
+tlsRigour (default: normal)
 ---------------------------
 
-tlsRigour can be set to: *lax, medium, or strict*, and gives a hint to the
+tlsRigour can be set to: *lax, normal, or strict*, and gives a hint to the
 application of how to configure TLS connections. TLS, or Transport Level
 Security (used to be called Secure Socket Layer (SSL)) is the wrapping of
 normal TCP sockets in standard encryption. There are many aspects of TLS

diff --git a/_sources/fr/Explication/ConsiderationsDeployments.rst.txt b/_sources/fr/Explication/ConsiderationsDeployments.rst.txt
@@ -167,6 +167,46 @@ Considérations de sécurité
 Cette section a pour but de donner un aperçu à ceux qui ont besoin d'effectuer un examen de sécurité.
 de l'application avant la mise en œuvre.
 
+Architecture
+~~~~~~~~~~~~
+
+Sarracenia peut être un composant de nombreuses solutions et peut être déployé en tant que composant cloud.
+Cependant, dans sa forme la plus brute et la plus simple, Sarracenia n'est pas utilisé comme les services cloud, où
+un service est accessible de n'importe où. Il s'agit plutôt d'un composant ou d'une boîte à outils qui est
+censé fonctionner avec le zonage de sécurité réseau traditionnel. Plutôt que d'avoir un service
+pour tous et d'exiger des exceptions de trafic/pare-feu et une analyse de sécurité externe pour
+intercepter le trafic, on déploie une pompe à chaque démarcation de zone réseau.
+
+Les données sont livrées à la pompe au point de démarcation, puis une autre pompe
+transmet les données à la zone suivante. Dans le cadre du traitement de démarcation, on 
+peut télécharger un fichier, l'exécuter via un traitement, comme une analyse des logiciels 
+malveillants, puis annoncer sa disponibilité à la pompe suivante uniquement si elle est correcte.
+
+Chaque pompe dispose d'une authentification indépendante, et les administrateurs de pompe
+et les utilisateurs peuvent définir le trafic mis à disposition des utilisateurs de l'autre côté
+du point de démarcation. Les pompes sont enchaînées en copiant de l'une à l'autre
+à l'autre, où chacune peut avoir un accès, un but et une propriété différents.
+
+Aucune fédération formelle ou identité de réseau complet n'est nécessaire pour transmettre des données
+sur le réseau. Au lieu de cela, chaque pompe établit une authentification pour la pompe voisine.
+Si les pays exploitaient des pompes de données, on pourrait imaginer une situation comme celle-ci :
+Les Russes et les Américains veulent transférer des données mais ne veulent pas être exposés directement aux serveurs
+des autres. Les Russes pourraient partager avec le Kazakhstan, les Kazakhs échanger
+avec la Corée et la Corée échanger avec le Canada. Les Américains n'ont besoin que d'avoir
+une bonne relation avec les Canadiens ou les Coréens. Chaque maillon de la chaîne
+s'expose directement uniquement aux pairs avec lesquels il a une relation explicite et
+convenue. Chaque maillon de la chaîne peut effectuer sa propre analyse et son propre traitement avant d'accepter les données.
+
+.. image:: Concepts/sr3_exemple_de_flux.svg
+    :scale: 100%
+    :align: center
+
+Dans cet exemple, vous pouvez voir que les pompes DDR sont déployées sur des zones d'opérations
+internes et qu'elles poussent ou tirent depuis des pompes situées dans d'autres zones, telles qu'une autre
+zone d'opérations ou une zone d'accès public. Les pompes sont censées
+servir de médiateur au trafic circulant entre les zones du réseau.
+
+
 Client
 ~~~~~~
 

diff --git a/_sources/fr/Reference/sr3_options.7.rst.txt b/_sources/fr/Reference/sr3_options.7.rst.txt
@@ -2063,10 +2063,10 @@ exemples: Canada/Pacific, Pacific/Nauru, Europe/Paris
 Seulement actif dans le contexte de sondage de serveur FTP.
 
 
-tlsRigour (défaut: medium)
+tlsRigour (défaut: normal)
 --------------------------
 
-*tlsRigour* peut être réglé a : *lax, medium ou strict*, et donne un indice à l'application par rapport à la
+*tlsRigour* peut être réglé a : *lax, normal ou strict*, et donne un indice à l'application par rapport à la
 configuration des connexions TLS. TLS, ou Transport Layer Security (autrefois appelée Secure Socket Layer (SSL))
 est l’encapsulation de sockets TCP normales en cryptage standard. Il existe de nombreux aspects de
 négociations TLS, vérification du nom d’hôte, vérification des certificats, validation, choix de

diff --git a/fr/CommentFaire/source.html b/fr/CommentFaire/source.html
@@ -134,7 +134,7 @@ <h3>Enregistrement de révision<a class="headerlink" href="#enregistrement-de-re
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <p>Une pompe de données Sarracenia est un serveur Web (ou sftp) avec des notifications pour que les

diff --git a/fr/CommentFaire/subscriber.html b/fr/CommentFaire/subscriber.html
@@ -123,7 +123,7 @@ <h3>Enregistrement de révision<a class="headerlink" href="#enregistrement-de-re
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 </section>

diff --git a/fr/Contribution/Développement.html b/fr/Contribution/Développement.html
@@ -130,7 +130,7 @@ <h1>Guide du développeur MetPX-Sarracenia<a class="headerlink" href="#guide-du-
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <section id="outillage">

diff --git a/fr/Contribution/Publication.html b/fr/Contribution/Publication.html
@@ -125,7 +125,7 @@ <h1>Publier une Version de MetPX-Sarracenia<a class="headerlink" href="#publier-
 <dd class="field-odd"><p>3.00.56rc1</p>
 </dd>
 <dt class="field-even">date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 </dl>
 <section id="processus-de-pre-publication">

diff --git a/fr/Contribution/modèle_de_page_man.html b/fr/Contribution/modèle_de_page_man.html
@@ -122,7 +122,7 @@ <h2>sr_titre<a class="headerlink" href="#sr-titre" title="Link to this heading">
 <dd class="field-odd"><p>1</p>
 </dd>
 <dt class="field-even">Date<span class="colon">:</span></dt>
-<dd class="field-even"><p>Sep 25, 2024</p>
+<dd class="field-even"><p>Sep 27, 2024</p>
 </dd>
 <dt class="field-odd">Version<span class="colon">:</span></dt>
 <dd class="field-odd"><p>3.00.56rc1</p>