On 12 January 2012 17:07, Andy Jenkinson <[email protected]> wrote:
> Great stuff Jon!
>
> On 12 Jan 2012, at 15:31, Jonathan Warren wrote:
>>
>> On 12 Jan 2012, at 13:43, Dan Bolser wrote:
>>
>>> I want to be able to specifically grant access to my data by a known third 
>>> party.
>>
>> We had large debates about how to implement security in DAS at the last 
>> couple of DAS workshops. In the end it was decided we would go with BASIC 
>> authentication and https requests and responses and people would have to 
>> trust DAS clients with their username and passwords.
>
> I believe those providers use (or are migrating to) a common authorisation 
> protocol based on OAuth. This type of authorisation actually only allows you 
> to control which -applications- have access to your data, not which 
> individuals. That means each individual client needs to be configured for 
> this purpose. Really what is needed is an end-to-end solution across both 
> clients and servers, with a common authentication/identification mechanism 
> and across multiple providers. Particularly the authentication part is 
> difficult because, for technical reasons, we can't use OpenID. It'd be great 
> and there are potential solutions, but the "activation energy" and 
> coordination required is quite high.

AFAIK, using something like the above, you authenticate with the
client using OpenID, and the client is authenticated to access your
data via OAuth. You can then build your client to allow various levels
of sharing with other users in the system, as with FB.

Would building OAuth into Proserver, then identifying with OpenID be a
way round the 'technical reasons' you described above? Or is it just
running in circles?


Cheers,
Dan.

_______________________________________________
DAS mailing list
[email protected]
http://lists.open-bio.org/mailman/listinfo/das
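As an added illustration of the two layers discussed in this thread (constructed example, not code from the thread, from Proserver or from DAS): an OAuth-style grant records which application may act for which data owner, while letting a specific third person in, as Dan asked for, needs an authenticated identity plus an owner-maintained share list. All identifiers and tokens below are constructed.

```python
"""Model of the two authorisation layers from the thread.

Layer 1 (OAuth-style): a token names which *application* may act on
behalf of which resource *owner*, and with what scope.
Layer 2 (identity + sharing): the *person* behind the request (as an
OpenID-style login would establish) is checked against the owner's
share list. Every token and name here is constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    client_id: str      # the application the owner authorised
    owner: str          # whose data that application may touch
    scopes: frozenset   # e.g. frozenset({"read"})


@dataclass
class DasServer:
    grants: dict = field(default_factory=dict)   # token -> Grant
    shares: dict = field(default_factory=dict)   # owner -> {person, ...}

    def share_with(self, owner: str, person: str) -> None:
        """Owner grants one named third party read access (layer 2)."""
        self.shares.setdefault(owner, set()).add(person)

    def authorize(self, token: str, requester: str, owner: str) -> str:
        """Decide a read of `owner`'s data by `requester` via `token`."""
        grant = self.grants.get(token)
        if grant is None or "read" not in grant.scopes:
            return "denied: no valid OAuth-style grant"
        # Layer 1 only says the application is trusted for one owner.
        if grant.owner != owner:
            return "denied: application not authorised for this owner"
        # Layer 1 says nothing about *who* is using the application,
        # so per-person access still needs the identity check.
        if requester != owner and requester not in self.shares.get(owner, set()):
            return "denied: requester not on owner's share list"
        return "allowed"


def demo() -> list:
    s = DasServer()
    s.grants["tok-app1-alice"] = Grant("app1", "alice", frozenset({"read"}))
    results = [
        s.authorize("tok-app1-alice", "alice", "alice"),  # owner, trusted app
        s.authorize("tok-app1-alice", "bob", "alice"),    # app trusted, bob not
    ]
    s.share_with("alice", "bob")
    results.append(s.authorize("tok-app1-alice", "bob", "alice"))  # now allowed
    results.append(s.authorize("tok-unknown", "bob", "alice"))     # no grant
    return results
```

The second result is Andy's point: the application-level grant alone cannot express "Bob may read Alice's data"; the third shows where the per-person decision has to live.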
