Hi Nina, Andreas,

In the A&A workflow a token has a certain life time after which it
becomes invalid. So if someone starts a task and provides a token for
dataset access and upload - the access will work as it is done
immediately and the token is valid, however the upload will fail as by
that time the token would become invalid (as the task takes a long
time). One way would be store the user credentials on the server
(Maxtox) which I think is not the correct thing to do. The credentials
should exists only in one secure place.

Another solution would be to have configurable lifetime for a token -
but that would mean estimating the task completion time (which may be
difficult if not impossible to do).

A third method would be to store the result dataset locally, but that
would compromise the data confidentiality in case the Maxtox server is
compromised.

What is the solution to this problem ?

All in all I am finding it difficult to align the A&A requirements
with our use case. Any help is appreciated ...

Regards
Surajit