[OTDev] A&A
Tobias Girschick tobias.girschick at in.tum.deFri Oct 22 17:15:31 CEST 2010
- Previous message: [OTDev] A&A
- Next message: [OTDev] A&A
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Micha, All, On Fri, 2010-10-22 at 11:04 +0200, Micha Rautenberg wrote: > Hi Tobias, All, > > yes it should be in API 1.2 and (in my opinion) in every component even > if it is optional. Ok. I think that's a good solution. > and a short comment on the algorithm example > > curl -X GET -d 'username=usr' -d 'password=pwd' > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > should use the token from the opensso authentication > > curl -X GET -d 'token_id=token' > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > you authenticate once and then use the token afterwards. Each > webservices proofs authorization with the token. The problem is, that in this case, the user would have to authenticate on his own before using a 'restricted' web service. Or is it in this case a 'security breach', as the service get's the uid and pwd? It would be convenient to just use my pwd and my username if I want to issue just one service call... Has this been discussed and I am not finding and/or remembering the results or is this still an open issue? best regards, Tobias > > best regards, > > Micha > > > Tobias Girschick schrieb: > > Hi, > > > > ok. In that case, I propose to use the same scheme as in the A&A > > Deliverable Example session for communicating with the openSSO service > > to prevent confusion (also the parameter names can be reused). There > > form parameters are used: > > curl -i -d 'username=<uid>' -d 'password=<sec>' > > http://opensso.in-silico..... > > > > For an algorithm that would mean: > > curl -X GET -d 'username=usr' -d 'password=pwd' > > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > > > The question is where to add it in the wiki (API)? Only in the A&A > > section or in every component? > > > > Any opinions on that? NTUA, how are you handling that? ALU? All? > > best regards, > > Tobias > > > > On Thu, 2010-10-21 at 16:16 +0300, Nina Jeliazkova wrote: > > > >> Hi Tobias, > >> > >> > >> On 21 October 2010 16:07, Tobias Girschick > >> <tobias.girschick at in.tum.de> wrote: > >> Hi Nina, Andreas, All, > >> > >> while adding the A&A functionality to the TUM webservices I > >> stumbled > >> upon one question: is there a uniform way how the user > >> credentials > >> (username, password) are passed to the services (not the A&A > >> services > >> but an algorithm for example)? > >> > >> Meaning do I issue: > >> curl -X GET > >> http://localhost:8080/OpenTox-dev/tox/test?username=usr&password=pwd -iv > >> or > >> curl -X GET -d 'username=usr' -d 'password=pwd' > >> http://localhost:8080/OpenTox-dev/tox/test -iv > >> > >> I didn't find anything in the A&A Deliverable or the API... > >> > >> Your observation is absolutely correct, AFAIK this is not (yet!) > >> defined in the API . > >> > >> > >> I think I have seen the first version in the AMBIT code (might > >> be > >> deprecated version) > >> > >> Object username = > >> request.getResourceRef().getQueryAsForm().getFirstValue(username_tag); > >> > >> > >> It's not deprecated, but was done quickly to test the the AA and is > >> used only for a test resource. > >> > >> I think it would be best if you just pick up parameter names which you > >> prefer (hopefully the same as ALU and NTUA are using) and document it > >> in the wiki. I don't have preferences and it will be easy to change > >> ambit code to reflect your choice. > >> > >> Best regards, > >> Nina > >> > >> > >> best regards, > >> Tobias > >> -- > >> Dipl.-Bioinf. Tobias Girschick > >> > >> Technische Universität München > >> Institut für Informatik > >> Lehrstuhl I12 - Bioinformatik > >> Bolzmannstr. 3 > >> 85748 Garching b. München, Germany > >> > >> Room: MI 01.09.042 > >> Phone: +49 (89) 289-18002 > >> Email: tobias.girschick at in.tum.de > >> Web: http://wwwkramer.in.tum.de/girschick > >> > >> > >> > > > > > _______________________________________________ > Development mailing list > Development at opentox.org > http://www.opentox.org/mailman/listinfo/development -- Dipl.-Bioinf. Tobias Girschick Technische Universität München Institut für Informatik Lehrstuhl I12 - Bioinformatik Bolzmannstr. 3 85748 Garching b. München, Germany Room: MI 01.09.042 Phone: +49 (89) 289-18002 Email: tobias.girschick at in.tum.de Web: http://wwwkramer.in.tum.de/girschick
- Previous message: [OTDev] A&A
- Next message: [OTDev] A&A
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list