[OTDev] Authentication and authorisation for OpenTox REST services
Christoph Helma helma at in-silico.deWed Sep 30 14:44:49 CEST 2009
- Previous message: [OTDev] Authentication and authorisation for OpenTox REST services
- Next message: [OTDev] Authentication and authorisation for OpenTox REST services
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all, Some more requirements: In the long term we might want to share data between users and groups (as in CCD http://www.collaborativedrug.com/), but to protect them from the outside. This would need - user and group permissions (read/write) - permission inheritance Example use case: - a user creates a new dataset with restricted permissions - another user creates features from this dataset - the feature dataset should have the same permissions as the original dataset - another user creates a prediction model from this dataset - the prediction model should have the same permissions as the original dataset - the dataset owner decides to make the dataset public - all derived datasets/models should become public Best regards, Christoph PS Do you have the impression that FOAF+SSL is ready for production systems? Excerpts from Nina Jeliazkova's message of Wed Sep 30 10:30:48 +0200 2009: > Hello All, > > I would like to start a discussion on possible requirements and > solutions for OpenTox REST services. The main point here is we have > distributed services, developed by different partners, but expected to > work together. > > A typical use case would be a dataset to be provided by service S1, > descriptors calculated by Service S2 , model prediction by service S3 > and validation by service S4. Any of the services might request > authentication of the client. In case of independent AA implementations > for each partner service, the client will be asked 4 times (in worst > case) to enter his credentials, specific for each of the four services. > > Current status : > > * Own (minimal) implementation of AA for some services (NTUA, IDEA > –HTTP Basic for dataset POST, others?) > > Options: > > * Centralized service providing Identity > * Federated AA > > Technologies to consider (the list is not complete!) : > > * HTTP Basic + SSL > * HTTP Digest > * OpenID > * OpenAuth > * Google OAuth & Federated Login > http://sites.google.com/site/oauthgoog > <http://sites.google.com/site/oauthgoog/Overlap> > * FOAF + SSL (pretty new) http://esw.w3.org/topic/foaf+ssl > * SAML > > Best regards, > Nina >
- Previous message: [OTDev] Authentication and authorisation for OpenTox REST services
- Next message: [OTDev] Authentication and authorisation for OpenTox REST services
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list