[DAS] authentication summary

Andy Jenkinson andy.jenkinson at ebi.ac.uk
Tue Apr 13 17:17:48 UTC 2010


On 13 Apr 2010, at 17:48, Jim Procter wrote:

> Thanks for posting this, Andy.
> 
> 
> On 13/04/2010 14:44, Andy Jenkinson wrote:
>> Afterwards, two proposals emerged: firstly, that the DAS specification make a simple recommendation to use existing HTTP digest authentication, leaving DAS software to implement the components independently. Secondly, a DAS-specific delegated authentication model based around a trusted third party (probably the DAS registry) as the identity provider.
>> 
>> Each proposal has its own advantages and disadvantages in terms of both security and implementation considerations which we now need to debate within the community before we come up with a recommendation, so I have summarised both proposals on the wiki:
>> http://www.biodas.org/wiki/DAS1.6E#Authentication
>>   
> I didn't participate in the fine details of the discussion last Friday, but I wondered afterwards if anyone had considered adopting the Globus authentication model. Grid-based authentication for programmatic web services has now been around for a number of years in a number of guises (the Globus toolkit is the one I know of), and may already address all the requirements and concerns raised at the meeting.
> 
> My 2c..
> Jim.
> 
> ps. I can point out some people who may be worth approaching regarding Globus or Shibboleth style third-party ident/auth middleware if people wish.

Definitely worth a shout, I'll do some research.


