<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace">Dear Juan, Juan-Carlos,</div><div class="gmail_default" style="font-family:monospace">I think this discussion fits the DAL & GWS joint session</div><div class="gmail_default" style="font-family:monospace">foreseen in the current program on Saturday 12.</div><div class="gmail_default" style="font-family:monospace">There could be still some room for a talk from your side there.</div><div class="gmail_default" style="font-family:monospace">Let me know if you're interested.</div><div class="gmail_default" style="font-family:monospace"><br></div><div class="gmail_default" style="font-family:monospace">This from the DAL coordination.</div><div class="gmail_default" style="font-family:monospace"><br></div><div class="gmail_default" style="font-family:monospace">Personally I think the added parameters to securityMethod</div><div class="gmail_default" style="font-family:monospace">(the ones you propose or others to be defined) as children</div><div class="gmail_default" style="font-family:monospace">are needed in many sense, not only for different auth protocols.</div><div class="gmail_default" style="font-family:monospace">I'm thus curious to hear the discussion.</div><div class="gmail_default" style="font-family:monospace"><br></div><div class="gmail_default" style="font-family:monospace">Cheers</div><div class="gmail_default" style="font-family:monospace"> Marco</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno gio 3 ott 2019 alle ore 12:12 Juan Gonzalez <<a href="mailto:juan.gonzalez@sciops.esa.int">juan.gonzalez@sciops.esa.int</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">Dear Mark, IVOA DAL,</div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">Following the discussions in Paris and your early implementation of authentication methods description in VOSI capabilities in TOPCAT, JC. Segovia has prepared a test service of our Gaia TAP including the response with 'securityMethod' items to 'ivo://<a href="http://ivoa.net/std/TAP" target="_blank">ivoa.net/std/TAP</a>' capabilities as follows:</div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="text-align:start;text-indent:0px"><securityMethod/></div><div style="text-align:start;text-indent:0px"><securityMethod standardID="ivo://<a href="http://ivoa.net/sso#cookie" target="_blank">ivoa.net/sso#cookie</a>"/></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br>We tested this with the early implementation version of TOPCAT you provided in Paris (topcat-full_tap11b.jar). We were able to specify our service using 'cookies' as security method. But we were not able to retrieve any table nor to launch any sync/async query using a private table with the current Gaia TAP. The service may be added, cookie authentication method selected, and provision of the cookie retrieved as text <span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline">JSESSIONID=xxxx. We get a 'Table Metadata Error' error: java.io.IOException: Table resource access failure (500 500). Apparently the tool is adding an extra /tables string to the URL before invoking the service (like /tap-server/tap/tap/tables). We can provide you further details or the test service if you wish to dig further this.</span></span></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">Nevertheless, we think some extra parameters would be required under the 'securityMethod' item in order to have enough flexibility to interpret any cookie-based authenticated TAP. As a minimum we feel it shall be added a login URL, username and password HTTP parameters names, cookie identifier and HTTP method (get vs post) as follows:<br><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"><securityMethod standardID="ivo://<a href="http://ivoa.net/sso#cookie" target="_blank">ivoa.net/sso#cookie</a>"></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"> <param id="url" ucd="meta.ref.url" utype="Access.reference"><span id="gmail-m_-8131610073526955955OBJ_PREFIX_DWT78_com_zimbra_url" style="color:rgb(0,90,149);text-decoration:none"><span id="gmail-m_-8131610073526955955OBJ_PREFIX_DWT85_com_zimbra_url" style="color:rgb(0,90,149);text-decoration:none"><span id="gmail-m_-8131610073526955955OBJ_PREFIX_DWT92_com_zimbra_url" style="color:rgb(0,90,149);text-decoration:none"><span id="gmail-m_-8131610073526955955OBJ_PREFIX_DWT99_com_zimbra_url" style="color:rgb(0,90,149);text-decoration:none"><a href="https://gea.esac.esa.int/tap-server/login" style="color:rgb(0,90,149);text-decoration:none" rel="noopener" target="_blank">https://host/tap-server/login</a></span></span></span></span></param><span> </span></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"> <param id="method" ucd="meta.ref.method" utype="Request.method">POST</param></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"> <param id="user" ucd="<a href="http://login.name" target="_blank">login.name</a>" utype="Request.param">username</param></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"> <param id="pwd" ucd="login.password" utype="Request.param">password</param></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"> <param id="cookie" ucd="login.cookie" type="Response.cookie">JSESSIONID</param></span><br><span style="font-family:"courier new",courier,monaco,monospace,sans-serif"></securityMethod></span><br></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><br></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">Probably similar parameters could be added for the case of <span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline">'tls-with-certificate' services.<br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline">What are your opinions about this? Could this be a discussion item for the upcoming Interop?</span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline">Regards,</span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:16px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration:none;float:none;display:inline">J. González and JC. Segovia</span></div></div><div><br></div><div>-- <br></div><div>-- <br>Juan Gonzalez <a href="mailto:juan.gonzalez@sciops.esa.int" target="_blank">juan.gonzalez@sciops.esa.int</a><br>ESAC Science Data Centre<br>European Space Agency (ESA) - SERCO<br><br>European Space Astronomy Centre (ESAC)<br>Camino Bajo del Castillo, S/N Tel: +34 91 813 14 82<br>Villanueva de la Canada,, 28691, Madrid, SPAIN Fax: +34 91 813 13 22<br>---------------------------------------------------------------------</div></div><pre>This message is intended only for the recipient(s) named above. It may contain proprietary information and/or
protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received
this e-mail in error, please notify the sender immediately. ESA applies appropriate organisational measures to protect
personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (<a href="mailto:dpo@esa.int" target="_blank">dpo@esa.int</a>).
</pre></div></blockquote></div></div>