authcheck endpoint

Mark Taylor m.b.taylor at bristol.ac.uk
Wed Jun 23 15:31:52 CEST 2021


Pat (and GWS),

from the GWS auth telecon yesterday I understand you're sceptical about
the requirement for an authcheck endpoint that I'd like to see,
so this is to try to persuade you that it, or something doing a
similar job, is (IMO) required.  I agree that as a service endpoint
it looks kind of dumb since it apparently doesn't do anything,
but I can't see how a client like topcat is going to do a good
job of authenticated access - especially optionally authenticated 
access - to TAP-like services without it.

I discussed the requirement in my talk at the Nov 2020 interop,
see slide 6 of:

   https://wiki.ivoa.net/internal/IVOA/InterOpNov2020GWS/auth.pdf

The basic problem is that I (topcat) need to know before starting 
to access a service, for instance prior to metadata acquisition
as well as to user query submission, what kind of authentication
is appropriate.  That information could come from the content 
of the capabilities document (securityMethod details), but we 
seem to be moving away from that model to conveying the 
information by WWW-Authenticate challenges instead (which I support).

So the question is how to provoke such a WWW-Authenticate challenge.
I'd be quite happy to use one of the existing endpoints if it could
be relied on to do the job, but none of them seem to fit, at least
without some additional standardisation.

If you're unconvinced that I need this information, I can try
harder to persuade you.  If you think I can get it from existing
endpoints, I'm happy to consider suggestions.  Otherwise - authcheck!
Or similar.  I don't care what it's called, but Markus has
implemented an endpoint with that name
(http://dc.g-vo.org/tap/authcheck) so it'll do if nobody
comes up with something better.

If we can agree it's required, we can tackle the details of the
requirements (endpoint name, what standard specifies it,
which HTTP methods must be supported, whether it's mandatory
for anon-only services, etc).

Mark

--
Mark Taylor  Astronomical Programmer  Physics, Bristol University, UK
m.b.taylor at bristol.ac.uk          http://www.star.bristol.ac.uk/~mbt/
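
Added example, not part of the original message and not topcat or DaCHS code: a sketch of what a client could do with the response to such a probe, parsing the WWW-Authenticate challenges (RFC 7235 syntax) and classifying the service. The mapping of status codes to "mandatory", "optional" and "anonymous", the function names and the sample header are assumptions made for illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param: name "=" ( token | quoted-string )
PARAM = re.compile(r'(' + TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(' + TOKEN + r'))')
# A scheme name is a token followed by whitespace, a comma or end of input.
SCHEME = re.compile(r'(' + TOKEN + r')(?=[\s,]|$)')
SEPARATORS = re.compile(r'[\s,]*')

def parse_challenges(header):
    """Split one WWW-Authenticate value into [(scheme, {param: value}), ...].

    Commas separate both challenges and parameters, so a plain split(",")
    is wrong. The token68 form (e.g. "Negotiate <blob>") is out of scope.
    """
    challenges, pos = [], 0
    while True:
        pos = SEPARATORS.match(header, pos).end()
        if pos >= len(header):
            return challenges
        m = PARAM.match(header, pos)
        if m and challenges:
            # name=value belongs to the most recently seen scheme
            name, quoted, token = m.groups()
            value = re.sub(r'\\(.)', r'\1', quoted) if quoted is not None else token
            challenges[-1][1][name.lower()] = value
        else:
            m = SCHEME.match(header, pos)
            if not m:
                raise ValueError("malformed challenge at offset %d" % pos)
            challenges.append((m.group(1).lower(), {}))
        pos = m.end()

def auth_mode(status, header_values):
    """Classify a probe response from its status and WWW-Authenticate values.

    Assumed convention (not stated in the message above): 401 with challenges
    means authentication is mandatory, 2xx with challenges means it is
    optional, 2xx with none means the service is anonymous-only.
    """
    schemes = [c for value in header_values for c in parse_challenges(value)]
    if status == 401 and schemes:
        return "mandatory", schemes
    if 200 <= status < 300:
        return ("optional" if schemes else "anonymous"), schemes
    return "unknown", schemes

# Constructed sample header, not captured from any real service.
SAMPLE = 'Basic realm="TAP, archive", Bearer realm="tap", scope="read"'
if __name__ == "__main__":
    print(auth_mode(200, [SAMPLE]))
```
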

