VOEvent 1.1 new draft with STC elaboration
Rob Seaman
seaman at noao.edu
Mon May 8 09:49:30 PDT 2006
On May 8, 2006, at 9:34 AM, Alasdair Allan wrote:
> Remember authorisation and authentication are very different
> beasts. I think authentication will turn out to be a VOEvent
> problem, but authorisation will remain a transport layer problem...
> and I don't really think the transport layer is our problem,
> interesting and we should keep up to date with how VOEvent is being
> used. But transport isn't the VOEvent WG problem...
Am not myself very interested in authorization in the VO sense of a
single login access method. Would assume VOEvent - or rather,
implementers of VOEvent compliant systems such as VOEventNet - will
rely on inheriting the login strategy and mechanisms that the IVOA
and national VO centers adopt. That said, this still may have
implications for XML based standards such as VOEvent. Perhaps we'll
need to add access control attributes to our elements.
We may, however, want to consider whether VOEvent signatures should
be part of a coherent packet encryption mechanism. Encryption could
be implemented as part of the transport layer - or as part of the
VOEvent specification. Do not believe that encryption itself is a
v1.1 issue, but support for authentication could be part of a staged
response to deploying such technology. Suggest this is worth a few
more cycles before we determine if there is time enough to reach a
consensus before v1.1.
Rob
More information about the voevent
mailing list