Authentication is odd in that you trust each institution's SHRINE/i2b2 setup to handle the end user authentication for their site and trust any/all SHRINE nodes or hubs that you want.
So, UTSW trusts the SNOW hub, SNOW hub trusts UTSW and KUMC, KUMC trusts SNOW hub, so by transitive property, UTSW trusts KUMC. Any user can authenticate at KUMC, or UTSW, or any other site trusted by SNOW, and they will be able to query the network. The trust is established between sites by exchanging and trusting certificates on the servers. If the SNOW hub were to exchange certs with Unknown University, we would all trust known university. Users log in to their local SHRINE node.

Example query: UTSW User -> logs into -> UTSW SHRINE -> Query to UTSW SHRINE -> Flows to SNOW HUB -> Out to rest of network.

Does that make sense?

Phillip

From: Gpc-dev <[email protected]> on behalf of Dan Connolly <[email protected]>
Date: Tuesday, January 3, 2017 at 9:35 AM
To: Wanta Keith M <[email protected]>
Cc: Lav Patel <[email protected]>, "<[email protected]>" <[email protected]>
Subject: SNOW authentication, client set-up?

Keith,

We were going over the SNOW docs with the folks at KUMC that handle the firewalls, and I couldn't tell exactly how authentication works. I didn't see much mention of a client in the docs<https://wiki.ctri.mcw.edu/pages/viewpage.action?pageId=44991731> at all. In the Linux part<https://wiki.ctri.mcw.edu/pages/viewpage.action?pageId=35488903>, I did see instructions to change i2b2_config_data.js to add a domain, but the urlCellPM is a 10.x.x.x address.

Our current i2b2 web client is inside the firewall; the index.php is on the same host as jboss and i2b2, so the PHP curl call goes across localhost. Is the SNOW PM cell at MCW? If so, that curl call will have to be able to go out over the Internet to MCW, yes?

What would help me is a bullet list or diagram showing exactly which HTTP messages go where when somebody logs into SNOW and issues a query and gets results.
-- Dan
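The hub-mediated trust described in the reply above can be checked mechanically before a new certificate exchange is approved. The following is an added example, not part of the original thread or of SHRINE itself; the site names come from the thread, while the function names and the assumption that only the hub relays queries are illustrative.

```python
from collections import deque

# Constructed model of the trust described above: each pair is a mutual
# certificate exchange. Treating only the hub as a relay of queries is an
# assumption of this sketch, not a statement about SHRINE internals.
HUBS = {"SNOW"}
CERT_EXCHANGES = {("UTSW", "SNOW"), ("KUMC", "SNOW")}


def peers(exchanges):
    """Adjacency map built from mutual certificate exchanges."""
    adj = {}
    for a, b in exchanges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def effective_trust(site, exchanges, hubs=HUBS):
    """Sites whose locally authenticated users can reach `site` with a query.

    Queries travel over direct trust links and are relayed only by hubs,
    so the walk starts at `site` and expands only through hub nodes.
    """
    adj = peers(exchanges)
    seen, queue = {site}, deque([site])
    while queue:
        node = queue.popleft()
        if node != site and node not in hubs:
            continue  # a leaf node does not relay queries onward
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {site} - hubs


def trust_delta(new_exchange, exchanges, hubs=HUBS):
    """Per existing site, the origins it newly accepts after one more exchange."""
    after = exchanges | {new_exchange}
    sites = {s for pair in exchanges for s in pair} - hubs
    return {s: effective_trust(s, after, hubs) - effective_trust(s, exchanges, hubs)
            for s in sites}
```

Running `trust_delta(("SNOW", "Unknown University"), CERT_EXCHANGES)` shows every existing site gaining the new origin, which is the review question to ask of any change made at the hub.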
