VOSI and anonymous access

Brian Major major.brian at gmail.com
Mon Nov 21 22:41:56 CET 2016


Hi Pat and all,

As there haven't been any objections to this idea, I have added a bit of
text to the VOSI 1.1 document stating that anonymous access to the
capabilities and availability must be provided.

At the end of section 4:

"The capabilities and availability endpoints must not require any
credentials
to view. Thus, the interface registry entries for capabilities
and availability
must not contain a securityMethod element."

I think this is a harmless addition but if you have any comments please
reply soon--VOSI 1.1 RFC period end is overdue.

Cheers,
Brian

On Mon, Oct 3, 2016 at 2:08 PM, Patrick Dowler <pdowler.cadc at gmail.com>
wrote:

> I'm in the process of clarifying some text in WD-TAP-1.1 about the use
> of fixed names resources and various authentication mechanisms and it
> became clear that the VOSI-availability and VOSI-capabilities
> resources must be provided with anonymous access or they are almost
> useless.
>
> For capabilities, the client makes an anonymous call to find out which
> resources require authentication and which securityMethod to use, so
> this is clearly a bootstrap problem.
>
> For availablity, I envision a client  trying to call a service and
> failing and the calling the availability resource to see if the
> service is functioning correctly. This helps to disambiguate
> authentication failures (beyond simply grok'ing the response codes)
> from service failure modes (that are all too real :-). It looks to me
> that to be useful anonymous availability has to be available.
>
> Technically, services could also provide authenticated availability
> and capabilities but cannot see any concrete use cases... maybe
> performing more extensive availablity checks for certain users or
> describing additional capabilities to certain users -- so I would not
> disallow this on custom resources.
>
> So, I would like to maybe simplify TAP to say that anonymous
> availability and capabilities must be provided (and on /capabilities
> for the latter) and I think this could be added to VOSI-1.1 and only
> referenced from TAP.
>
> --
> Patrick Dowler
> Canadian Astronomy Data Centre
> Victoria, BC, Canada
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ivoa.net/pipermail/grid/attachments/20161121/0da93762/attachment.html>


More information about the grid mailing list