On 9 June 2011 09:30, Andreas Maunz <andreas at maunz.de> wrote:

> On Thu, 9 Jun 2011 11:34:43 +0700, surajit ray
> <mr.surajit.ray at gmail.com> wrote:
> > Hi Andreas,
> >
> > On 9 June 2011 01:41, Nina Jeliazkova <jeliazkova.nina at gmail.com> wrote:
> >> On 8 June 2011 13:38, surajit ray <mr.surajit.ray at gmail.com> wrote:
> >>
> >>> Hi Nina, Andreas,
> >>>
> >>> In the A&A workflow a token has a certain life time after which it
> >>> becomes invalid. So if someone starts a task and provides a token for
> >>> dataset access and upload - the access will work as it is done
> >>> immediately and the token is valid, however the upload will fail as by
> >>> that time the token would become invalid (as the task takes a long
> >>> time). One way would be store the user credentials on the server
> >>> (Maxtox) which I think is not the correct thing to do. The credentials
> >>> should exists only in one secure place.
> >>>
> >>
> >> One solution could be to try to renew the token, while it is still
> valid.
> >>
> >
> > Whats the mechanism to renew tokens ?
>
> I am not aware of any such (OpenSSO-internal) mechanism (which does not
> mean it doesn't exist, however).
>

I had in mind simply getting a new token, given a valid one is available.
However, if I remember right,  from a valid token one can retrieve the user
name, but not the password, and therefore will not have credentials to
request a new token.

Eventually, the service can get a new token with its own credentials (if
such exist), and assign the new resource a policy, granting access only to
the user, initiating the calculation - through the
discussed-but-not-implemented-so-far parameter "policy".

Regards,
Nina


> I see no apparent solution to the problem you mentioned besides raising
> token lifetime globally.
>
> Regards
> Andreas
> _______________________________________________
> Development mailing list
> Development at opentox.org
> http://www.opentox.org/mailman/listinfo/development
>