[OTDev] A&A
Nina Jeliazkova jeliazkova.nina at gmail.comMon Oct 25 11:17:27 CEST 2010
- Previous message: [OTDev] A&A
- Next message: [OTDev] A&A
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 25 October 2010 12:12, Tobias Girschick <tobias.girschick at in.tum.de>wrote: > Hi, > > I copied below what I found in an old OT-dev mailinlist thread. It's > part of a discussion of Luchesar and Andreas Maunz. > > > > > > and a short comment on the algorithm example > > > > > > curl -X GET -d 'username=usr' -d 'password=pwd' > > > > > > > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > > > > > should use the token from the opensso authentication > > > > > > curl -X GET -d 'token_id=token' > > > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > > > > > you authenticate once and then use the token afterwards. > > Each > > > webservices proofs authorization with the token. > > > > > > The problem is, that in this case, the user would have to > > authenticate > > on his own before using a 'restricted' web service. Or is it > > in this > > case a 'security breach', as the service get's the uid and > > pwd? It would > > be convenient to just use my pwd and my username if I want to > > issue just > > one service call... > > Has this been discussed and I am not finding and/or > > remembering the > > results or is this still an open issue? > > > > It has been discussed number of times, look for discussions of > > service being able to authenticate on behalf of users . > > -- Quoted: > > > One final thing that seems to be not yet decided: so far we were > > discussing whether the services should always expect user credentials > > or they would allow totally unauthenticated requests as well. How > > about the user credentials themselves: as you remember, we can decide > > between: > > z) accepting only user/password -- then the service does the > authentication. > > x) accepting only tokens -- then the user or requesting service does > it. > > y) accepting both -- or rather, "any", as "both", literally, wouldn't > > make sense. > > Actually, it's a choice between (x) and (y), because each service (or > > most of them) must accept tokens, anyway -- because of the requests > > from other services -- and this means (z) doesn't suit us at all. > > Since user/password are confidential information, we should think about > passing only tokens whenever possible. In that sense, x) would be best. > Also, a workflow would have no chance of getting started, if the client > software can not obtain a token (in case SSO service is down). I > believe > this is a benefit. > > ------- > > I haven't found any decision statements ... > > > > > > I am not sure if there was a final decision , but would be good to > > have support of both options. > > I will add both now on the web, but we should maybe discuss and decide > in next weeks SWDT. > > Yes. Would it be possible to describe this particular use case step by step (similarly to the one which was described in the deliverable ) and make clear what is missing / what needs to be clarified on each step. Best regards, Nina > > best regards, > Tobias > > > > > Best regards, > > Nina > > > > > > > > > > > > > > best regards, > > Tobias > > > > > > > > > > best regards, > > > > > > Micha > > > > > > > > > Tobias Girschick schrieb: > > > > Hi, > > > > > > > > ok. In that case, I propose to use the same scheme as in > > the A&A > > > > Deliverable Example session for communicating with the > > openSSO service > > > > to prevent confusion (also the parameter names can be > > reused). There > > > > form parameters are used: > > > > curl -i -d 'username=<uid>' -d 'password=<sec>' > > > > http://opensso.in-silico..... > > > > > > > > For an algorithm that would mean: > > > > curl -X GET -d 'username=usr' -d 'password=pwd' > > > > http://localhost:8080/OpenTox-dev/algorithm/test -iv > > > > > > > > The question is where to add it in the wiki (API)? Only in > > the A&A > > > > section or in every component? > > > > > > > > Any opinions on that? NTUA, how are you handling that? > > ALU? All? > > > > best regards, > > > > Tobias > > > > > > > > On Thu, 2010-10-21 at 16:16 +0300, Nina Jeliazkova wrote: > > > > > > > >> Hi Tobias, > > > >> > > > >> > > > >> On 21 October 2010 16:07, Tobias Girschick > > > >> <tobias.girschick at in.tum.de> wrote: > > > >> Hi Nina, Andreas, All, > > > >> > > > >> while adding the A&A functionality to the TUM > > webservices I > > > >> stumbled > > > >> upon one question: is there a uniform way how the > > user > > > >> credentials > > > >> (username, password) are passed to the services > > (not the A&A > > > >> services > > > >> but an algorithm for example)? > > > >> > > > >> Meaning do I issue: > > > >> curl -X GET > > > >> > > > http://localhost:8080/OpenTox-dev/tox/test?username=usr&password=pwd -iv > > > >> or > > > >> curl -X GET -d 'username=usr' -d 'password=pwd' > > > >> http://localhost:8080/OpenTox-dev/tox/test -iv > > > >> > > > >> I didn't find anything in the A&A Deliverable or > > the API... > > > >> > > > >> Your observation is absolutely correct, AFAIK this is not > > (yet!) > > > >> defined in the API . > > > >> > > > >> > > > >> I think I have seen the first version in the > > AMBIT code (might > > > >> be > > > >> deprecated version) > > > >> > > > >> Object username = > > > >> > > > request.getResourceRef().getQueryAsForm().getFirstValue(username_tag); > > > >> > > > >> > > > >> It's not deprecated, but was done quickly to test the the > > AA and is > > > >> used only for a test resource. > > > >> > > > >> I think it would be best if you just pick up parameter > > names which you > > > >> prefer (hopefully the same as ALU and NTUA are using) and > > document it > > > >> in the wiki. I don't have preferences and it will be > > easy to change > > > >> ambit code to reflect your choice. > > > >> > > > >> Best regards, > > > >> Nina > > > >> > > > >> > > > >> best regards, > > > >> Tobias > > > >> -- > > > >> Dipl.-Bioinf. Tobias Girschick > > > >> > > > >> Technische Universität München > > > >> Institut für Informatik > > > >> Lehrstuhl I12 - Bioinformatik > > > >> Bolzmannstr. 3 > > > >> 85748 Garching b. München, Germany > > > >> > > > >> Room: MI 01.09.042 > > > >> Phone: +49 (89) 289-18002 > > > >> Email: tobias.girschick at in.tum.de > > > >> Web: http://wwwkramer.in.tum.de/girschick > > > >> > > > >> > > > >> > > > > > > > > > > > _______________________________________________ > > > Development mailing list > > > Development at opentox.org > > > http://www.opentox.org/mailman/listinfo/development > > > > > > -- > > > > Dipl.-Bioinf. Tobias Girschick > > > > Technische Universität München > > Institut für Informatik > > Lehrstuhl I12 - Bioinformatik > > Bolzmannstr. 3 > > 85748 Garching b. München, Germany > > > > Room: MI 01.09.042 > > Phone: +49 (89) 289-18002 > > Email: tobias.girschick at in.tum.de > > Web: http://wwwkramer.in.tum.de/girschick > > > > _______________________________________________ > > Development mailing list > > Development at opentox.org > > http://www.opentox.org/mailman/listinfo/development > > > > > > -- > Dipl.-Bioinf. Tobias Girschick > > Technische Universität München > Institut für Informatik > Lehrstuhl I12 - Bioinformatik > Bolzmannstr. 3 > 85748 Garching b. München, Germany > > Room: MI 01.09.042 > Phone: +49 (89) 289-18002 > Email: tobias.girschick at in.tum.de > Web: http://wwwkramer.in.tum.de/girschick > > _______________________________________________ > Development mailing list > Development at opentox.org > http://www.opentox.org/mailman/listinfo/development >
- Previous message: [OTDev] A&A
- Next message: [OTDev] A&A
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list