[OTDev] AA
chung chvng at mail.ntua.grThu Jun 17 16:44:42 CEST 2010
- Previous message: [OTDev] AA
- Next message: [OTDev] AA
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sorry, I wasn't precise enough! I meant an OpenTox service. Nina had sent a file where the token was included in the URL like http://someserver.com/resource?tokenid=sglkglfnetc.... @Andreas: In the documentation of AA services at http://opentox.org/dev/apis/api-1.1/AA it says about authorization that if the user is granted to perform the action the openSSO server replies with a status code 200 and a boolean (I guess true), otherwise the status code is 401 and the boolean should be false. So we have only two options: 200 + "boolean=true" or 401 + "boolean=false" I have created the following policy: <?xml version="1.0" encoding="UTF-8"?> <Policies> <Policy name="bibTexAllPolicy_1" createdby="id=amadmin,ou=user,dc=opensso,dc=java,dc=net" lastmodifiedby="id=amadmin,ou=user,dc=opensso,dc=java,dc=net" creationdate="1276785457819" lastmodifieddate="1276785457819" referralPolicy="false" active="true"> <Rule name="rule1"> <ServiceName name="iPlanetAMWebAgentService"/> <ResourceName name="http://opentox.ntua.gr:3000/bibtex"/> <AttributeValuePair> <Attribute name="POST"/> <Value>deny</Value> </AttributeValuePair> <AttributeValuePair> <Attribute name="GET"/> <Value>allow</Value> </AttributeValuePair> <AttributeValuePair> <Attribute name="DELETE"/> <Value>deny</Value> </AttributeValuePair> <AttributeValuePair> <Attribute name="PUT"/> <Value>deny</Value> </AttributeValuePair> </Rule> <Subjects name="mySubjects" description=""> <Subject name="YAQPservice" type="LDAPUsers" includeType="inclusive"> <AttributeValuePair> <Attribute name="Values"/> <Value>uid=YAQPservice, ou=groups, dc=opentox,dc=org</Value> </AttributeValuePair> </Subject> <Subject name="Sopasakis" type="LDAPUsers" includeType="inclusive"> <AttributeValuePair> <Attribute name="Values"/> <Value>uid=Sopasakis, ou=groups, dc=opentox,dc=org</Value> </AttributeValuePair> </Subject> </Subjects> </Policy> </Policies> and tried the following request: curl -i -d "uri=http://opentox.ntua.gr:3000/bibtex" -d "action=GET" -d "subjectid=AQIC5wM2LY4Sfcyf2W48%2FUFKeDRvZ2aEpCcaeK9bBI0NrpE%3D% 40AAJTSQACMDE%3D%23" http://opensso.in-silico.ch/opensso/identity/authorize which should return 200+true but instead I get 200+false (?). What is this supposed to mean? Best regards, Pantelis On Thu, 2010-06-17 at 17:02 +0300, Luchesar V. ILIEV wrote: > Sorry to interfere, but what service are we talking about? > > If we're talking about OT services (as opposed to the OpenSSO/Policy > services), then probably it's up to the service developers to decide. > And when we talk about uploading of data or requesting computations > that create new data, then, besides the token, we also need to provide > the desired policies to the service -- as we discussed on Friday. > Frankly, I'm not quite sure what would be the best approach to send > this information... > > L. > > > On Thu, Jun 17, 2010 at 16:54, Andreas Maunz <andreas at maunz.de> wrote: > > chung wrote on 06/17/2010 03:50 PM: > >> > >> Hi Andreas, > >> How is the token supposed to be provided to a service: as a Header or a > >> form parameter? > > > > It works only in the combination of form parameter/POST. > > > > Andreas > > _______________________________________________ > > Development mailing list > > Development at opentox.org > > http://www.opentox.org/mailman/listinfo/development > > >
- Previous message: [OTDev] AA
- Next message: [OTDev] AA
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list