[DAS] authentication summary

Andy Jenkinson andy.jenkinson at ebi.ac.uk
Tue Apr 13 13:44:23 UTC 2010


Hi all,

First of all, thank you to those of you who attended last week's DAS Workshop. I thought we had some interesting talks and, as ever, some productive and thought-provoking discussions. As a follow-up to the third day's discussion on authentication, I thought I would provide a quick summary:

There was an initial overview about the prospect of adopting OpenID delegated authentication in DAS (which is already used by the DAS registry and some DAS clients). Specifically, the core reliance of OpenID on HTTP browser redirects makes it unsuitable for DAS server-server communications.

Afterwards, two proposals emerged: firstly, that the DAS specification make a simple recommendation to use existing HTTP digest authentication, leaving DAS software to implement the components independently. Secondly, a DAS-specific delegated authentication model based around a trusted third party (probably the DAS registry) as the identity provider.

Each proposal has its own advantages and disadvantages in terms of both security and implementation considerations which we now need to debate within the community before we come up with a recommendation, so I have summarised both proposals on the wiki:
http://www.biodas.org/wiki/DAS1.6E#Authentication

Please feel free to edit as necessary, and comment on the list.

Cheers,
Andy


