[OTDev] A&A clarifications

surajit ray mr.surajit.ray at gmail.com
Mon Mar 7 17:06:21 CET 2011


Hi Andreas, All,

Was trying to work through the doc file given as documentation on the
website at

http://opentox.org/data/documents/partner/wp/3/deliverables/Draft%20Report%20WP3-D3.3

I had a few queries regarding the content.

1) To quote an example from the doc file:


------------------------------------------------------------------------------------
# Listing all my policies...
# =======================
curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid: AQIC5wM2LY4SfcxrnpcZCmbfdsKTyxG9E66uu5FVhefps7I%3D%40AAJTSQACMDE%3D%23"
HTTP/1.1 200 OK
Content-Type: text/plain
There were not matching policies under realm, /.
------------------------------------------------------------------------------------


Here the token is URL-encoded, while in reality (on the server at
http://opensso.in-silico.ch/Pol/opensso-pol) the accepted form is
without URL-encoding the token.
When I submit a URL-encoded token, here's the result:


------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid:AQIC5wM2LY4SfcwYjtLJPwt6fs8ca1Owk5XWByXX3Wn%2BbX4%3D%40AAJTSQACMDE%3D%23"
HTTP/1.0 400 Bad Request
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:35:20 GMT
Content-Type: text/plain
Proxy-Connection: keep-alive
Content-Length: 59

Token could not be resolved to a user id. Token expired?.
------------------------------------------------------------------------------------


And the result from the non-URL-encoded token submission is the following:


------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H "subjectid:AQIC5wM2LY4SfcwYjtLJPwt6fs8ca1Owk5XWByXX3Wn+bX4=@AAJTSQACMDE=#"
HTTP/1.0 200 OK
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:36:58 GMT
Content-Type: text/plain
Proxy-Connection: keep-alive
Content-Length: 1
------------------------------------------------------------------------------------

As you can see, I could not get the expected: "There were not
matching policies under realm, /."
Could you clarify how to obtain the result shown in the example?


2) When I do an authentication like the following, I get the result as a
token.id, like so:


------------------------------------------------------------------------------------
maxtox@maxtox-desktop:~$ curl -i -d "username=surajitray" -d "password=w3lc0m3" http://opensso.in-silico.ch/opensso/identity/authenticate
HTTP/1.0 200 OK
Server: nginx/0.6.32
Date: Mon, 07 Mar 2011 15:31:26 GMT
Content-Type: text/plain;charset=UTF-8
Proxy-Connection: keep-alive
Content-Length: 72

token.id=AQIC5wM2LY4Sfcy24eQG5V7J8Lth75vK3Tdr94/rrc/nBJs=@AAJTSQACMDE=#
------------------------------------------------------------------------------------


Have I been correct to assume that this token.id is to be used as
subjectid in the previous step?
If my assumption was correct, then could you please remove this
apparent inconsistency by changing both the variables to the same name
(either token.id or subjectid)?
Also, in the documentation on the website
(http://opentox.org/dev/apis/api-1.2/AA) the following is mentioned:


------------------------------------------------------------------------------------

Authentication

POST on /auth/authenticate

username
password
uri

200 + token (Valid)
401 (Invalid)

Token validation

POST on /auth/isTokenValid

tokenid

200 + Boolean

Logout

POST on /auth/logout

subjectid

200 + void

------------------------------------------------------------------------------------



As you can see, there's a mix of token and tokenid. So we have four
representations of the same thing: token.id, token, tokenid,
subjectid?

Could you please help me, because I have been stuck with the A&A implementation
for a considerable time now!

Regards
Surajit
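
An added example (not part of the original post or of the OpenTox documentation): a small Python helper that accepts either form of the token discussed above and yields the un-encoded value that the post reports the server accepting in the subjectid header. It assumes, as the poster does, that the token.id value is what is sent as subjectid; the function names, the token alphabet and the sample token are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# Assumption: token alphabet inferred from the tokens shown in the post
# (base64 characters plus '@' and '#'); not taken from OpenSSO documentation.
_RAW_TOKEN = re.compile(r"[A-Za-z0-9+/=@#]+")

# Constructed sample token, not a real session token.
SAMPLE_RAW = "AQIC5EXAMPLEtoken+abc/def=@AAJTSQACMDE=#"


def parse_authenticate_body(body: str) -> str:
    """Extract the value of the 'token.id=<value>' line from a response body."""
    for line in body.splitlines():
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and key.strip() == "token.id":
            return value.strip()
    raise ValueError("no token.id field in response body")


def to_raw_token(token: str) -> str:
    """Return the un-encoded token, whether or not the input was URL-encoded.

    unquote() is used rather than unquote_plus(): '+' is a legitimate
    character of the raw token and must not be turned into a space.
    """
    raw = unquote(token.strip())
    # Reject anything outside the expected alphabet, e.g. decoded CR/LF that
    # would otherwise end up inside an HTTP header value.
    if not _RAW_TOKEN.fullmatch(raw):
        raise ValueError("token contains unexpected characters")
    return raw


def to_encoded_token(token: str) -> str:
    """URL-encoded form, for places where the token travels in a URL or form body."""
    return quote(to_raw_token(token), safe="")


def subjectid_header(token: str) -> dict:
    """Header dict carrying the raw token, the form the server accepted in the post."""
    return {"subjectid": to_raw_token(token)}
```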


