[OTDev] AA
Nina Jeliazkova nina at acad.bg
Thu Jun 17 16:59:18 CEST 2010
Hi All,

chung wrote:
> Sorry, I wasn't precise enough! I meant an OpenTox service. Nina had
> sent a file where the token was included in the URL like
> http://someserver.com/resource?tokenid=sglkglfnetc....
>
>

Actually in current version of this file, the token is supported as both URI parameter and a header parameter. Form parameter is of course another option, but then not all OpenTox API calls use web forms to post data.

The query/form parameter advantage is it is easy for testing, but on the other hand it is impossible to provide for e.g. HTTP Delete operation (at least in Restlet).

My preferences are for having both header and URI parameters, with header parameter having a priority.

Regards,
Nina

> @Andreas:
> In the documentation of AA services at
> http://opentox.org/dev/apis/api-1.1/AA it says about authorization that
> if the user is granted to perform the action the openSSO server replies
> with a status code 200 and a boolean (I guess true), otherwise the
> status code is 401 and the boolean should be false. So we have only two
> options:
>
> 200 + "boolean=true"
>
> or
>
> 401 + "boolean=false"
>
> I have created the following policy:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Policies>
>   <Policy name="bibTexAllPolicy_1"
>     createdby="id=amadmin,ou=user,dc=opensso,dc=java,dc=net"
>     lastmodifiedby="id=amadmin,ou=user,dc=opensso,dc=java,dc=net"
>     creationdate="1276785457819" lastmodifieddate="1276785457819"
>     referralPolicy="false" active="true">
>     <Rule name="rule1">
>       <ServiceName name="iPlanetAMWebAgentService"/>
>       <ResourceName name="http://opentox.ntua.gr:3000/bibtex"/>
>       <AttributeValuePair>
>         <Attribute name="POST"/>
>         <Value>deny</Value>
>       </AttributeValuePair>
>       <AttributeValuePair>
>         <Attribute name="GET"/>
>         <Value>allow</Value>
>       </AttributeValuePair>
>       <AttributeValuePair>
>         <Attribute name="DELETE"/>
>         <Value>deny</Value>
>       </AttributeValuePair>
>       <AttributeValuePair>
>         <Attribute name="PUT"/>
>         <Value>deny</Value>
>       </AttributeValuePair>
>     </Rule>
>     <Subjects name="mySubjects" description="">
>       <Subject name="YAQPservice" type="LDAPUsers"
>         includeType="inclusive">
>         <AttributeValuePair>
>           <Attribute name="Values"/>
>           <Value>uid=YAQPservice, ou=groups,
>           dc=opentox,dc=org</Value>
>         </AttributeValuePair>
>       </Subject>
>       <Subject name="Sopasakis" type="LDAPUsers"
>         includeType="inclusive">
>         <AttributeValuePair>
>           <Attribute name="Values"/>
>           <Value>uid=Sopasakis, ou=groups,
>           dc=opentox,dc=org</Value>
>         </AttributeValuePair>
>       </Subject>
>     </Subjects>
>   </Policy>
> </Policies>
>
> and tried the following request:
>
> curl -i -d "uri=http://opentox.ntua.gr:3000/bibtex" -d "action=GET" -d
> "subjectid=AQIC5wM2LY4Sfcyf2W48%2FUFKeDRvZ2aEpCcaeK9bBI0NrpE%3D%
> 40AAJTSQACMDE%3D%23"
> http://opensso.in-silico.ch/opensso/identity/authorize
>
> which should return 200+true but instead I get 200+false (?). What is
> this supposed to mean?
>
> Best regards,
> Pantelis
>
> On Thu, 2010-06-17 at 17:02 +0300, Luchesar V. ILIEV wrote:
>
>> Sorry to interfere, but what service are we talking about?
>>
>> If we're talking about OT services (as opposed to the OpenSSO/Policy
>> services), then probably it's up to the service developers to decide.
>> And when we talk about uploading of data or requesting computations
>> that create new data, then, besides the token, we also need to provide
>> the desired policies to the service -- as we discussed on Friday.
>> Frankly, I'm not quite sure what would be the best approach to send
>> this information...
>>
>> L.
>>
>>
>> On Thu, Jun 17, 2010 at 16:54, Andreas Maunz <andreas at maunz.de> wrote:
>>
>>> chung wrote on 06/17/2010 03:50 PM:
>>>
>>>> Hi Andreas,
>>>> How is the token supposed to be provided to a service: as a Header or a
>>>> form parameter?
>>>>
>>> It works only in the combination of form parameter/POST.
>>>
>>> Andreas
>>> _______________________________________________
>>> Development mailing list
>>> Development at opentox.org
>>> http://www.opentox.org/mailman/listinfo/development
>>>
>>>
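
The token handling discussed in this message, sketched as an added example that is not part of the original thread or of any OpenTox code: a header token takes priority over the URI parameter, and the authorize reply is accepted only as 200 together with `boolean=true`. The header name `subjectid` and the function names are assumptions; `tokenid`, the form fields and the reply format come from the quoted messages.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

TOKEN_HEADER = "subjectid"      # assumed header name; the thread does not name one
TOKEN_QUERY_PARAM = "tokenid"   # URI parameter name from the URL quoted in the thread


def resolve_token(headers, url):
    """Return the token from the header if present, otherwise from the URI parameter."""
    for name, value in headers.items():
        # HTTP header names are case-insensitive.
        if name.lower() == TOKEN_HEADER and value.strip():
            return value.strip()
    # parse_qs percent-decodes, so the caller always gets the raw token.
    values = parse_qs(urlsplit(url).query).get(TOKEN_QUERY_PARAM, [])
    return values[0] if values else None


def authorize_form(token, uri, action):
    """Build the form body for the authorize call (fields as in the quoted curl).

    The raw token is percent-encoded exactly once here; passing an
    already-encoded token would encode it a second time.
    """
    return urlencode({"uri": uri, "action": action, "subjectid": token})


def is_authorized(status, body):
    """Fail closed: allow only on HTTP 200 together with boolean=true.

    200 + boolean=false, 401, or any unexpected body is treated as a denial.
    """
    return status == 200 and body.strip().lower() == "boolean=true"


if __name__ == "__main__":
    # Constructed sample request: token present in both places, header wins.
    url = "http://someserver.com/resource?tokenid=from-query"
    token = resolve_token({"SubjectId": "from-header"}, url)
    print(token)
    print(authorize_form(token, "http://opentox.ntua.gr:3000/bibtex", "GET"))
    # Constructed sample replies.
    for status, body in [(200, "boolean=true\n"), (200, "boolean=false\n"), (401, "")]:
        print(status, repr(body), is_authorized(status, body))
```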