Hi BW, It's currently implemented in multiple fashions and I think it's best to talk specifics in order to properly respond. I'll stick to the delineation of components between the data processing/computational components, versus the information integration ones.
Data Processing: File Manager - SSO is implemented by extending the XML-RPC with a secure handler. Sean Kelly implemented such a handler [1] using Jython/Java that you can check out as an example. That's an example of locking down the actual XML-RPC service with an SSO-type capability. A similar approach could be taken (but hasn't yet) for the actual Workflow Manager and Resource Manager services. Instead, we typically just front these services with an app server like Tomcat, and let Tomcat plug in to LDAP for SSO. In our web applications that sit on top of Data Processing (or "PCS") services, we use this framework [2], called CAS-SSO. It's currently integrated into CAS-curator, and into our OODT Balance web applications framework. Information Integration: Since Web Grid runs in a Java server environment like Tomcat, we simply rely on integration with LDAP, here, or by extending the Web Grid container in a similar fashion as to how Sean Kelly implemented for XML-RPC in [1]. OK hope that helps! Cheers, Chris [1] http://svn.apache.org/repos/asf/oodt/trunk/filemgr/src/main/python [2] http://svn.apache.org/repos/asf/oodt/trunk/sso On Jan 13, 2012, at 9:49 AM, B W wrote: > How is Single Sign-on implemented for oodt? > > BW > > On Jan 12, 2012, at 8:53 PM, "Mattmann, Chris A (388J)" > <[email protected]> wrote: > >> Hi BW: >> >> In the current model, it's not done at all. The QueryServlet doesn't really >> exist >> since the advent of Web-Grid for the information integration components: >> >> http://oodt.apache.org/components/maven/grid/ >> >> Check out the slides from Sean Kelly on that site, that describes web grid. >> Basically instead of the query server/servlet, we opted for a more REST >> service oriented style where users consume profile and product server >> end points via the Web Grid substrate. >> >> Does that help? >> >> Cheers, >> Chris >> >> On Jan 12, 2012, at 8:50 PM, B W wrote: >> >>> Correct me if I'm wrong, an initial query is posted via a user agent >>> browser to a servlet for the Query Service then: >>> The messaging layer broadcasts the query to registered Profile Services >>> that are running? >>> Is this done via XML-RPC or posting to the servlets on the Profile Servers? >>> >>> >>> I'm trying to figure out the whole thread. >>> >>> Thx. >>> >>> On Thu, Jan 12, 2012 at 8:22 PM, Mattmann, Chris A (388J) < >>> [email protected]> wrote: >>> >>>> Hey Sean, >>>> >>>>> >>>>> The ebXML model is one of the least egregious for a registry that I've >>>> seen, and believe me, I've seen some nasty ones. But what makes JPL's >>>> implementation so compelling is its JSON-esque and ReST-ful based API, >>>> which, as far as I can tell, is totally original within the ebXML & OASIS >>>> worlds. >>>>> >>>>> Normally I turn my nose up to heavy-handed models with entrenched APIs, >>>> but the singular achievement of JPL is to make the ebXML model, which >>>> conceptually isn't byzantine, actually usable, approachable, and >>>> extendable. >>>> >>>> Super +1. >>>> >>>>> >>>>> Is there any hope we can get JPL, Caltech, and NASA to give it up to >>>> become part of OODT? Or its own Incubator project? >>>> >>>> I think Hardman is working on it, he can feel free to comment (or not) >>>> here ^_^ >>>> >>>> Cheers, >>>> Chris >>>> >>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>> Chris Mattmann, Ph.D. >>>> Senior Computer Scientist >>>> NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA >>>> Office: 171-266B, Mailstop: 171-246 >>>> Email: [email protected] >>>> WWW: http://sunset.usc.edu/~mattmann/ >>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>> Adjunct Assistant Professor, Computer Science Department >>>> University of Southern California, Los Angeles, CA 90089 USA >>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >>>> >>>> >> >> >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> Chris Mattmann, Ph.D. >> Senior Computer Scientist >> NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA >> Office: 171-266B, Mailstop: 171-246 >> Email: [email protected] >> WWW: http://sunset.usc.edu/~mattmann/ >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> Adjunct Assistant Professor, Computer Science Department >> University of Southern California, Los Angeles, CA 90089 USA >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Chris Mattmann, Ph.D. Senior Computer Scientist NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA Office: 171-266B, Mailstop: 171-246 Email: [email protected] WWW: http://sunset.usc.edu/~mattmann/ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Adjunct Assistant Professor, Computer Science Department University of Southern California, Los Angeles, CA 90089 USA ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
