Special Session in Cape Town: Authentication and Authorization

Brian Major major.brian at gmail.com
Thu Mar 24 23:44:11 CET 2016

Dear IVOA,

The interoperability meeting in Cape Town, May 9-13, will have a special
session, co-hosted by the Grid and Web Services and Applications working
groups, focussing on Authentication and Authorization in the Virtual

GWS & Apps: Interoperable Authentication and Authorization

It is in the interest of the IVOA to have its standards be part of the core
architecture of major astronomy projects.  If requirements such as
authorized queries and access to proprietary data are not met sufficiently
by the IVOA there is a risk of low adoption.  Because the concepts of
authentication and authorization run orthogonal to most IVOA efforts, it is
important to present a consistent, interoperable approach.

Authentication has been part of the IVOA infrastructure for a number of
years now.  The VOResource document (here
<http://www.ivoa.net/documents/latest/VOResource.html>) describes how
security methods (authentication mechanisms) can be associated with access
URLs.  The Single Sign-On document recommends specific security methods
that can be supported, and the 2.0 version (here
<http://www.ivoa.net/documents/SSO/20151029/index.html>, in progress)
updates these recommendations and defines their standard IDs.  A number of
standards outline how clients and servers negotiate the use of these
security methods.

This session will be an open discussion on how to make use of these
capabilities.  How can services support the various security methods?  How
can services make authorization decisions once clients are authenticated?
How should clients interact with services with proprietary data or
metadata?  How can clients best present authentication and authorization
choices to users?

If you have an interest in a particular topic, have ideas or examples to
help answer these questions, or would like to contribute, please get in
touch and we can discuss it.  Otherwise, I encourage you to consider your
institution's or astronomy project's current approach to authentication and
authorization and how you would best accomplish proprietary queries and
proprietary data access in VO services.


Brian Major and Giuliano Taffoni - Grid and Web Services Working Group
Pierre Fernique and Tom Donaldson - Applications Working Group
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ivoa.net/pipermail/interop/attachments/20160324/f79e88da/attachment.html>

More information about the interop mailing list