On 18 February 2011 11:21, Andreas Maunz <andreas at maunz.de> wrote:
> Hi Dmitry,
>
> Druzhilovsky wrote on 02/18/2011 10:00 AM:
>>
>> Ok. Let me trouble you with one more question.
>
> You are welcome :)
>
>> When user open in browser
>> http://195.178.207.160/opentox/MakeMNA, he doesn't send any parameters, he
>> only see RDF. Have I to make so, that RDF doesn't open without login and
>> password?
>
> Yes, that is correct- your server (if 195.178.207.160 is your server) has to
> check whether the token that the client presents to you is authorized. Thus,
> your server has to do the authorization requests on the A&A server.
>
> Also, please read this:
> Guidance on using AA:
> http://www.opentox.org/dev/documentation/Guidance%20on%20Using%20AA
> AA Deliverable:
> http://www.opentox.org/data/documents/development/opentoxreports/opentoxreportd33/view
> Those documents describe everything in more detail.
>
>> And one more point, has MNA\QNA service to do a logout after
>> verification procedure?
>
> That would be great. Logout frees up resources on A&A.
>

I would say the server should not do any login or  logout. If I
remember right this is what we had agreed and this is how all services
are currently implemented.

The token is only received by the server and verified.  The client
takes care  of login , obaining the token , using it and then logout.

The client could be an application (QPREditor, Toxcreate,
Toxpredict,curl ).  If the server logouts given a token, that it will
not be possible to use e.g. MNA resources in the middle of a
calculation workflow.

Best regards,
Nina



> Best regards
> Andreas
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development
>