SSO authentication: a new approach
Ray Plante
rplante at ncsa.uiuc.edu
Sun Mar 20 22:47:53 PST 2005
On Sat, 19 Mar 2005, Guy Rixon wrote:
> If we went with this model, what privileges can be authorized for the
> anonymous group? If they can't be allowed to use VOStores then it's not very
> helpful.
Sorry--I feel like a broken record here. Maybe it's time someone told
me to sit down. But here goes...
Fact: many, many portals today allow users to store state on their sites
without confirmed assurance of their identities. (Take shopping
carts, for example.) What state can be stored is highly controlled so as
not to be a security risk, and yet it is highly useful.
Will VO providers wish to do a similar thing? Will they want to put their
users though the hassles of confirmed registration just so that they can
temporarily store the output of a database query from their own service
(like saving a travel itinerary)? This is the kind of permission that
could be assigned to anonymous group. If we want this, do we want the
access control associated with this feature to be compatible with stronger
authorization policies?
Will VO providers wish to do a similar thing? If we really don't think
so, then I'll get off my hobby horse.
cheers,
Ray
More information about the grid
mailing list