Authentication and DataLink

Mark Taylor M.B.Taylor at bristol.ac.uk
Fri Jan 17 14:55:46 CET 2020


Hi GWS (and maybe lurking DAL people),

I have a question about how authentication is supposed to work
with DataLink (and possibly similar services), related to some 
experimentation I'm doing with the Gaia archive.

In Gaia's case there is an authenticated TAP service, which returns tables
that may have a datalink_url column pointing at DataLink resources.
The DataLink resources themselves also require authenticated access.
As currently implemented, the Gaia service requires *different*
credentials (separate cookies) for the TAP and DataLink services,
though even if the authentication was the same I see difficulties.

My prototype auth-capable TOPCAT negotiates authentication when
the user chooses a TAP service: it finds out what auth methods
are available from the tap/capabilities file, offers that choice
to the user, and asks for credentials as appropriate.  It then
takes care to use these credentials for subsequent interactions
with that TAP service.  There are a few things to iron out still,
but the basic model can be made to work.

However, DataLink, at least as used from TOPCAT, isn't like that.
The user doesn't select a DataLink service from a list and then
declare that they want to start interacting with it.
Rather a URL that points at a DataLink service gets used as a
source of tables in some other context.  Typical usage:
the user configures an "activation action" that causes the
table referenced by the datalink_url column to get loaded into
TOPCAT when a table row is selected
(http://www.starlink.ac.uk/topcat/sun253/LoadTableActivationType.html).
In this case, as far as TOPCAT's concerned this is just a URL pointing
at a table, and it doesn't know either that it's from a DataLink service
or that it's associated with a given TAP service (with particular
authentication).  So it doesn't know what authentication to use,
or even that it is supposed to retrieve it using authenticated access
(until it gets an access error).

This problem has only recently occurred to me.  I have some half-baked
ideas about how to tackle it, but they all seem problematic.
I might be missing something obvious.  Is there somebody with a clear
idea of how they would expect this to work, in particular from a
user experience point of view?

Thanks

Mark

--
Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-9288776  http://www.star.bris.ac.uk/~mbt/
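
The situation described in the message above, as an added illustration (not part of the original post and not TOPCAT code): a client that ties each credential to the service base URL it was negotiated for has nothing to offer a datalink_url that arrives as table data, so it must start anonymously and negotiate on an access error. The names ScopedCredentials, scope_of and plan_fetch, the scoping rule, and the example.org URLs are assumptions constructed for this sketch.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def scope_of(url):
    """Reduce a URL to (scheme, host, port, normalised path ending in '/')."""
    u = urlsplit(url)
    port = u.port or DEFAULT_PORTS.get(u.scheme)
    # Decode and collapse dot segments so "/tap/../x" cannot pass as "/tap/".
    path = posixpath.normpath(unquote(u.path) or "/")
    return u.scheme, (u.hostname or "").lower(), port, path.rstrip("/") + "/"


class ScopedCredentials:
    """Hypothetical store: each credential is tied to the service base URL
    it was negotiated for, and is never offered outside that scope."""

    def __init__(self):
        self._scopes = {}

    def register(self, base_url, credential):
        self._scopes[scope_of(base_url)] = credential

    def lookup(self, url):
        target = scope_of(url)
        # Same scheme, host and port, and the path lies under the base path.
        matches = [(len(k[3]), cred) for k, cred in self._scopes.items()
                   if k[:3] == target[:3] and target[3].startswith(k[3])]
        return max(matches, key=lambda m: m[0])[1] if matches else None


def plan_fetch(store, url):
    """Decide how to request a URL that arrived as table data."""
    cred = store.lookup(url)
    if cred is not None:
        return ("send-credential", cred)
    # Unknown scope: go anonymous; an access error is the cue to negotiate.
    return ("anonymous-then-negotiate", None)


# Constructed sample: one TAP service the user has already logged in to.
STORE = ScopedCredentials()
STORE.register("https://archive.example.org/tap-server/tap", "tap-session-cookie")
TAP_SYNC = "https://archive.example.org/tap-server/tap/sync"
DATALINK_URL = "https://archive.example.org/data-server/datalink/links?ID=1"
```

Here plan_fetch(STORE, TAP_SYNC) reuses the TAP credential, while plan_fetch(STORE, DATALINK_URL) does not, even though both URLs are on the same host.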

