On Wed, Jan 12, 2011 at 4:13 PM, Nina Jeliazkova
<jeliazkova.nina at gmail.com> wrote:
>> I've been there with the MetWare project...

(That would be http://metware.org)

> Well, security is always a complex thing to do properly.   Would be useful
> to hear your experience.

The point made earlier about having some metadata freely available was
a good one, and one that our user base required. So, we ended up
looking at access control at a row and column level in the database.
Otherwise, we had been mostly looking at access control at an Apache
level (e.g. Kerberos, Shibboleth).

Now, this was only metabolomics. Toxicology is likely to be much
worse. This is probably also why organizations like CCD have this
consortium agreement for nothing-or-all regarding the data, which is
much preferred. Another aspect, which seems to be addressed by
OpenSSO, is the federated part. We decided to do the authentication
with things available at the Apache level, while doing the access
control at a single server level.

I moved to Sweden before all this got worked out and implemented,
though, so cannot provide much technical tips :(

Egon

-- 
Dr E.L. Willighagen
Postdoctoral Researcher
Institutet för miljömedicin
Karolinska Institutet
Homepage: http://egonw.github.com/
LinkedIn: http://se.linkedin.com/in/egonw
Blog: http://chem-bla-ics.blogspot.com/
PubList: http://www.citeulike.org/user/egonw/tag/papers