On 11/10/2010 04:03, Stian Soiland-Reyes wrote:
On Fri, Oct 8, 2010 at 16:23, Donal K. Fellows <[email protected]> wrote:For securing access to the server, we plan to leverage the security of the container (i.e., Tomcat in all currently tested installations). This can be configured to use HTTPS to secure the connection, meaning we can then use username and password inside that secure connection to actually do the securing of the server itself. This is Good because these are extremely wellDo you by this mean HTTP Basic Auth within an HTTPS connection, or using username/passwords directly in the SOAP and REST API calls..?
I mean HTTP Basic Auth over HTTPS. Like that we leverage the container for the authentication, rather than having to reinvent it ourselves.
tested production facilities. (There's also a potential to use other authentication/authorization systems here, but we don't plan to do them for the next release as they require a lot more complexity elsewhere.)Like OAuth..? (Used by myExperiment and BioCatalogue REST APIs - but I assume not so useful for SOAP)
That's one example. There's lots of them. (Part of the problem is that there are lots of them...) At the low level, I'm thinking particularly of SAML/XACML, but this is an area where I know I will need to talk to others.
We plan to allow the use of the username/password to check against the system user database (Tomcat supports this with many variations, e.g., LDAP, Windows domains, etc.)Sounds good. We should probably provide (pointers to) documentation for typical use cases, say standalone user database for the Taverna Server only, or integrated with an organisation's LDAP (including Active Directory) or local UNIX passwords (PAM).
Of course. Donal.
<<attachment: donal_k_fellows.vcf>>
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
_______________________________________________ taverna-hackers mailing list [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/about/contact-us/ Developers Guide: http://www.taverna.org.uk/developers/
