Hi Alexandra, So first off, does this mean the security field you can see on processors in T2 are not applicable atm?
In any case, I've only partially implemented this so my services aren't expecting much yet, but since authentication is really all we need I'd like to keep it as simple as possible. The data we're giving out is all freely available. The services however are still in a test phase and will in the future allow updating of certain user-specific data. For this we need to know who users are but we're not terribly interested in encrypting data. I figured HTTP auth would be the easiest option to support, but I'd be interested in arguments for choosing WS-security profiles over this one. I'd rather not have to resort to using API keys in methods or something similar if I don't have to. Couldn't you autodetect http auth btw? Wait till the first connection throws a HTTP 401, prompt for a username/password, update all processors for that endpoint with the security information? regards, Wim Alexandra Nenadic wrote: > Hi Wim, > > We did some (unfortunately undocumented) work on supporting various > authentication methods for WSDL services - HTTP authentication as well > as WS-Security profiles. Most of the work is still in the prototype > stage and has not made it to the Taverna 2.1 beta. Also most of the WSDL > services that people use in the workflows are not secure and are > publicly available. The biggest problem for us, from Taverna's > standpoint, is discovering what 'kind' of security a service expects as > services do not seem to be using WS-Policy or some other means for > telling the client what kind of credentials to send to the service etc. > so the user has to configure it manually on the Taverna' side. Some work > has been done on the UI for describing 'security properties' of WSDL > services, however this is pretty hard for ordinary users and error > prone. On the other hand, there is a growing demand for security support > and this is something we'll definitely have a look very soon. > > Is HTTP Auth over https the only type of security your services are > expecting or you have a variety of security 'profiles'? It is always > good for us to have real life use cases as it is easier to add support > in Taverna for something that is really been used and is needed in real > life. > > Cheers, > Alex > > > Wim De Smet wrote: > >> Hi all, >> >> I'm having some trouble finding more info on the Taverna 2 security >> support. Specifically I was wondering about what authentication methods >> supports. Is it just WS-Security profiles or is there support for HTTP >> authentication methods too? If so, which ones? >> >> regards, >> Wim >> >> > > ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ taverna-users mailing list [email protected] [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/
