SSO authentication: a new approach

John Good jcg at ipac.caltech.edu
Mon Mar 21 08:47:49 PST 2005


Ray -

>Fact: many, many portals today allow users to store state on their sites 
>without confirmed assurance of their identities.  (Take shopping 
>carts, for example.)  What state can be stored is highly controlled so as 
>not to be a security risk, and yet it is highly useful. 
>
All the portals I can think of allow either creation of trivial amounts
of data or creation/upload of data for a very specific purpose. Of course
such use will continue and will continue to be accessible anonymously.
The problem with VOStore (and the one that requires user authentication)
is that it will also be useable as a distributed file system.

Basically, if a user can upload an arbitrary file anonymously and propagate
a URL so that others can access it anonymously, we have a big problem.

All IRSA services create result subdirectories in a workspace tied to
the user by HTTP cookie.  As soon as there is a final spec, that workspace
will become a VOStore.  We will continue to allow anonymous
access through the same mechanisms we do now, including upload of
files for specific purposes (e.g. catalog cross-comparison) but we will
NOT allow a general "PUT" by anyone who does not have a confirmed
identity.

>Will VO providers wish to do a similar thing?  Will they want to put their 
>users through the hassles of confirmed registration just so that they can 
>temporarily store the output of a database query from their own service 
>(like saving a travel itinerary)?  This is the kind of permission that 
>could be assigned to anonymous group.  If we want this, do we want the 
>access control associated with this feature to be compatible with stronger 
>authorization policies?
>
In some ways, I see this as a non-issue.  The VO community has to
have ways of reliably checking and passing identity to support certain
usage scenarios.  However, the individual service provider is at perfect
liberty to only use this when they feel it is warranted; any "requirement"
for this on our part will be ignored.

- John


