TAP/UWS authentication - short survey
Matthew Graham
mjg at cacr.caltech.edu
Mon Aug 8 10:08:52 PDT 2011
Hi Matthias,
You should certainly have a look at the IVOA Recommendation for SSO (http://www.ivoa.net/Documents/latest/SSOAuthMech.html) in case you have not already done so. This recommends X.509 certificates and also says that "HTTP basic authentication shall not be used".
The VAO is working on an OpenID system tied to our existing X.509 service.
Cheers,
Matthew
On Aug 8, 2011, at 9:43 AM, matthias egger wrote:
>
> Hi DAL/Grid List Members,
>
> in the course of (beta-) testing our TAP service with TOPCAT we again
> came across the topic of authentication and SSO.
>
> we need to protect our web services with a user-login, while TOPCAT's
> TAP interface currently does not support this.
>
> we wonder now, what is the best practice there in the context of ivoa,
> tap/uws?
>
>
> so i'd like to start a short discussion/survey about whether some of you
> have similar requirements and esp. which - if any - authentication
> system you are currently using, and possibly whether you also use
> distributed (web-) SSO protocols like SAML2 or openID.
>
> in short:
>
> * do you run a TAP service which requires authentication
>
> * if yes: which authentication method/system do you use:
>
> * (HTTP) BASIC
>
> * FORM-Based
>
> * X.509 Certificates
>
> * SAML2
>
> * OpenID
>
> * other: ?
>
>
> background is that we need to put security on top of our
> web-applications (also considering frameworks like openID and
> SAML2/Shibboleth) and would like to hear what is most common and
> recommended in ivoa,
> also whether it is worth implementing (most common web-) authentication
> support in client tools e.g. TOPCAT.
>
>
> any feedback is very welcome.
>
> thanks and regards! matthias
>
>
>
> --
> --------------------------------------------------
> Matthias Egger
> Max Planck Institute for Astrophysics
> web: www.mpa-garching.mpg.de
> email: megger at mpa-garching.mpg.de
> fon: +49-89-30000-2040
> fax: +49-89-30000-2235
> --------------------------------------------------
>