On Fri, Oct 8, 2010 at 16:23, Donal K. Fellows <[email protected]> wrote: > For securing access to the server, we plan to leverage the security of the > container (i.e., Tomcat in all currently tested installations). This can be > configured to use HTTPS to secure the connection, meaning we can then use > username and password inside that secure connection to actually do the > securing of the server itself. This is Good because these are extremely well
Do you by this mean HTTP Basic Auth within an HTTPS connection, or using username/passwords directly in the SOAP and REST API calls..? > tested production facilities. (There's also a potential to use other > authentication/authorization systems here, but we don't plan to do them for > the next release as they require a lot more complexity elsewhere.) Like OAuth..? (Used by myExperiment and BioCatalogue REST APIs - but I assume not so useful for SOAP) > We plan to allow the use of the username/password to check against the > system user database (Tomcat supports this with many variations, e.g., LDAP, > Windows domains, etc.) Sounds good. We should probably provide (pointers to) documentation for typical use cases, say standalone user database for the Taverna Server only, or integrated with an organisation's LDAP (including Active Directory) or local UNIX passwords (PAM). -- Stian Soiland-Reyes, myGrid team School of Computer Science The University of Manchester ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ taverna-hackers mailing list [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/about/contact-us/ Developers Guide: http://www.taverna.org.uk/developers/
