VOSI and anonymous access

Patrick Dowler pdowler.cadc at gmail.com
Mon Oct 3 23:08:32 CEST 2016


I'm in the process of clarifying some text in WD-TAP-1.1 about the use
of fixed names resources and various authentication mechanisms and it
became clear that the VOSI-availability and VOSI-capabilities
resources must be provided with anonymous access or they are almost
useless.

For capabilities, the client makes an anonymous call to find out which
resources require authentication and which securityMethod to use, so
this is clearly a bootstrap problem.

For availablity, I envision a client  trying to call a service and
failing and the calling the availability resource to see if the
service is functioning correctly. This helps to disambiguate
authentication failures (beyond simply grok'ing the response codes)
from service failure modes (that are all too real :-). It looks to me
that to be useful anonymous availability has to be available.

Technically, services could also provide authenticated availability
and capabilities but cannot see any concrete use cases... maybe
performing more extensive availablity checks for certain users or
describing additional capabilities to certain users -- so I would not
disallow this on custom resources.

So, I would like to maybe simplify TAP to say that anonymous
availability and capabilities must be provided (and on /capabilities
for the latter) and I think this could be added to VOSI-1.1 and only
referenced from TAP.

-- 
Patrick Dowler
Canadian Astronomy Data Centre
Victoria, BC, Canada


More information about the grid mailing list