Yes, we do. Raminder has been working with Emre Brookes on a desktop implementation. I presume this capability will be integrated into the Thrift API. Raminder may be able to shed more light on the way authentication is handled on the desktop.
-b. On Mon, Feb 17, 2014 at 07:07:11PM +0000, Schwartz, Terri wrote: > Do we plan to support desktop clients with SciGap? I don't have any > particular suggestion to make regarding authentication mechanisms, just want > to understand what would be the burden on the end user of a scigap enabled > desktop application, with various authorization/authentication choices. > > Terri > > ________________________________________ > From: Sachith Withana [[email protected]] > Sent: Monday, February 17, 2014 8:18 AM > To: [email protected]; [email protected] > Subject: Re: Securing the Thrift API > > The whole problem arises because we need to authenticate the client. > > In mutual authentication, you need to setup the server as well to support > each and every client.( by adding certificates manually). But scalability > can be an issue here? > > In terms of having a public API, Google, Evernote and Amazon web services > uses OAuth 2.0 to authenticate the client. > And Evernote is using Thrift as well. > > I thought in terms of the SciGap perspective ( it can also support the > current use case scenarios). > > But as you mentioned, it can make things more complicated. ( Since whoever > is using the thrift client would have to program to use the Oauth) > > For learning purposes : In terms of the operation, doesn't these two do the > same thing? ( Oauth coupled with server public key authentication vs mutual > authentication using certificates) ( apart from the fact that OAuth > supports delegation ?) > > User is delegating the thrift client to use the server right? > > > > > On Mon, Feb 17, 2014 at 11:01 AM, Amila Jayasekara > <[email protected]>wrote: > > > On Mon, Feb 17, 2014 at 10:36 AM, Sachith Withana <[email protected] > > >wrote: > > > > > Hi all, > > > > > > We are exploring the options on securing the Thrift API. > > > > > > Our objective is to authenticate the server and authorize the client. > > > > > > > What do you mean by authorizing client ? > > > > > > > > The options we are exploring are > > > > > > 1. mutual authentication using client and server certificates > > > > > > > This seems to be a good fit according to my understanding. > > > > > > > > > > 2. Use the server certificate to setup a SSL communication and use OAuth > > > 1or 2 for the client Authorization > > > > > > > I dont see a requirement for doing this. Usually we use OAuth when we need > > delegation. I am not clear how a delegation model fits here. Also it make > > things complicated. > > > > Thanks > > Amila > > > > > > > > > > Any suggestions on this matter are highly appreciated! > > > > > > -- > > > Thanks, > > > Sachith Withana > > > > > > > > > -- > Thanks, > Sachith Withana
