On Nov 22, 2012, at 1:10 PM, Amila Jayasekara <[email protected]> wrote:
> Hi Suresh, > > I do prefer gateway DNS name formats such as "gateway.airavata.org" > (Due to its simplicity compared to entity ids). I did not pay attention to the SAML requirements for entity id's as discussed in the links I sent earlier. But if it doesn't matter, I am + 1 for using "gateway.airavata.org", this looks much more elegant. Suresh > But in either case > there wont be any changes to the logic we are doing at authentication > stage. Maybe we need to further investigate to figure out what is most > appropriate as a gateway id. > > Thanks > Amila > > On Thu, Nov 22, 2012 at 12:41 PM, Suresh Marru <[email protected]> wrote: >> On Nov 22, 2012, at 12:25 PM, Amila Jayasekara <[email protected]> >> wrote: >> >>> Hi All, >>> >>> We need to send gateway name together with user name for >>> authentication at Airavata service level. We are thinking of using >>> following syntax for this, >>> >>> username@gatwayId >>> >>> So "@" will be a separator for gateway id and user name. In addition >>> we do authentication based on the gateway id. I am planning to >>> incorporate this change to existing security implementation. If you >>> have any objections/feedback please let us know. >> >> Hi Amila, >> >> Yes this sounds fine to me. But it will work under the assumption of gateway >> id being unique. May be we can maintain a wiki page with registered gateway >> id's. Can you please refer to [1] which discuss this issues of mapping end >> users with gateway identifiers. >> >> If you refer to examples at [2], are you proposing to create Entity ID's or >> Gateway DNS Domain in the format gateway.airavata.org? >> >> Cheers, >> Suresh >> >> [1] - >> http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes >> [2] - >> http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes_Status >> >>
