[OTDev] API modifications for A&A
Andreas Maunz andreas at maunz.de
Wed May 5 13:41:56 CEST 2010
- Previous message: [OTDev] Developing new predictive toxicology strategies
- Next message: [OTDev] API modifications for A&A
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear all,

for A&A, we need to modify the API in some places and introduce some new components. We have two cases:

(a) authentication against OpenSSO: should be done by the client application
(b) authorization against OpenSSO for resource and action combinations

For (a), we need to transmit user credentials and obtain a token, while part (b) can be decomposed into:

(b1) client authorization request to the webservice: should be done by the client application
(b2) authorization request confirmation from webservice to OpenSSO: should be done by the webservice.

Following is my proposal for API changes / extensions, according to (a), (b1), and (b2):

(a)
REST operation    URL                                            Parameters               Response
Authentication    http://<server>/opensso/identity/authenticate  username, password, uri  200 + token / 401
Token validation  http://<server>/opensso/identity/isTokenValid  tokenid                   200 + boolean
Logout            http://<server>/opensso/identity/logout        subjectid                 200 + void

(b1)
REST operation    URL                                            Parameters               Response
All               All                                            as before + tokenid      as before + 401

(b2)
REST operation    URL                                            Parameters               Response
Authorization     http://<server>/opensso/identity/authorize     uri, action, subjectid   200 + boolean / 401 + boolean

Note:
- (a) and (b2) are taken from http://blogs.sun.com/ideas/entry/opensso_webservices_rest_interfaces. More operations are supported by OpenSSO, but as a first step we would only need these.
- (b1) is a simple extension to all existing REST operations, adding a token field to the query string.

Furthermore, a policy management API is proposed in
http://opentox.org/data/documents/development/Authentication%20and%20Authorization/AA%20based%20on%20OpenSSO

Hopefully, we can engage in a discussion.

Best regards
Andreas
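
Added example, not part of the original message and not OpenTox or OpenSSO code: a sketch of how a web service could apply (b1) and (b2), taking tokenid from the query string and confirming the resource/action pair with OpenSSO before doing any work, answering 401 on every other outcome. The host names, the token value, the `boolean=true` response body, the use of the HTTP method as `action`, and stripping `tokenid` from the `uri` sent to OpenSSO are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

OPENSSO = "http://sso.example.org/opensso/identity"  # constructed host (assumption)

def split_token(request_url):
    """(b1): pull tokenid out of the query string; return (resource_uri, token)."""
    parts = urlsplit(request_url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == "tokenid"]
    rest = [(k, v) for k, v in pairs if k != "tokenid"]
    resource = urlunsplit(parts._replace(query=urlencode(rest)))
    # Exactly one non-empty token is accepted; duplicates are ambiguous.
    token = tokens[0] if len(tokens) == 1 and tokens[0] else None
    return resource, token

def authorize_url(uri, action, subjectid):
    """(b2): the authorize call with the parameters named in the proposal."""
    query = urlencode({"uri": uri, "action": action, "subjectid": subjectid})
    return f"{OPENSSO}/authorize?{query}"

def is_allowed(status, body):
    """Fail closed: only 200 with an explicit true counts as permission.
    The 'boolean=true' body format is an assumption of this example."""
    return status == 200 and body.strip() == "boolean=true"

def guard(method, request_url, fetch):
    """Status the web service should answer with before doing any work:
    401 unless OpenSSO confirms (uri, action, subjectid)."""
    resource, token = split_token(request_url)
    if token is None:
        return 401
    try:
        status, body = fetch(authorize_url(resource, method, token))
    except OSError:  # OpenSSO unreachable: deny rather than allow
        return 401
    return 200 if is_allowed(status, body) else 401

# Constructed stand-in for OpenSSO: one token, allowed to GET one resource.
def fake_opensso(url):
    q = dict(parse_qsl(urlsplit(url).query))
    ok = (q.get("subjectid"), q.get("action"), q.get("uri")) == (
        "TOKEN-A", "GET", "http://ws.example.org/model/1")
    return (200, "boolean=true\n") if ok else (401, "boolean=false\n")
```

`fetch` is injected so the guard can be exercised offline; in a deployment it would be the HTTP client call to the OpenSSO server.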