motivation for SSO_Next custom www-authenticate: {auth-scheme}
Mark Taylor
m.b.taylor at bristol.ac.uk
Mon Nov 18 16:17:43 CET 2024
On Mon, 18 Nov 2024, Paul Harrison wrote:
> > - You might authenticate to make a TAP query, get a DataLink file,
> > and save it for later use. When you re-load it the next day,
> > your application no longer has the same authentication context,
> > and attempting to follow access_urls in the DataLink table will
> > give you 401s. You don't know which registered service is
> > associated with the authentication required, but challenges
> > in the 401 headers can tell you how to authenticate.
> >
> This is a more compelling reason on the face of it, but if you accept my initial premise that services should not be handing out datalink references to protected URLs outside their security domain, then this can also be solved by the datalink response containing the ivorn of the service that produced the datalink response.
Where? As it stands the DataLink response table has no column
for such an ivorn.
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bristol.ac.uk https://www.star.bristol.ac.uk/mbt/
More information about the grid
mailing list