[MOBY-dev] Moby in a secure world
Pieter Neerincx
Pieter.Neerincx at wur.nl
Thu Nov 22 14:16:06 UTC 2007
Hi Andreas,
On 22-nov-2007, at 12:54, groscurt at mpiz-koeln.mpg.de wrote:
> Hiho,
>
> at the EU-Sol meeting in Rome we discussed the usability of Moby for the
> project. One main issue was if it is possible to secure the data sent via
> WebServices and to ensure that only specific people are able to use
> specific webservices. This is because the EU-Sol is a closed consortium
> with industry partners and they, but also the "normal" biologists, demand
> to have a solution which guarantees such requirements.

In one of our collaborations I'm in a similar situation with a
combined public / private consortium.

There are several ways to secure your services that can already work
with the current state of the BioMOBY art. The thing is that as far
as I know there is not really a standard ... yet. So probably several
people already have different mechanisms in place.

I'm using HTTPS to secure the connection. Next I do authentication on
the web service level: in addition to other data I'm sending a
BioMOBY object called "User" around. This contains a user ID, a
password and an e-mail address. If necessary I validate those against
an LDAP server. Instead of doing authentication on the web service
level, you could also do authentication on the level of the web
server or on the level of the transport layer. The reason I'm not
doing this is that it would require extra logic for a workflow
builder or client to handle this and not all of them do. Putting the
user credentials inside the BioMOBY payload of the SOAP message makes
sure this way of handling authentication works with any BioMOBY
client :).

If anyone has a more elegant solution I'd love to hear about it!

Cheers,
Pi
> So what I was wondering is if this issue already came up in Moby ? I'm
> currently getting started to understand the current principles of securing
> WebServices, but I was wondering if someone has somehow experiences with
> that ?
>
> So any comments and hints are welcome :-)
>
> Best
> andreas
-------------------------------------------------------------
Wageningen University and Research centre (WUR)
Laboratory of Bioinformatics
Transitorium (building 312) room 1034
Dreijenlaan 3
6703 HA Wageningen
The Netherlands
phone: 0317-483 039
fax: 0317-483 584
mobile: 06-143 66 783
mail: pieter.neerincx at wur.nl
skype: pieter.online
------------------------------------------------------------
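
The scheme described in the message above (HTTPS for transport, a "User" object carried in the payload and checked against a directory), sketched server-side as an added example that is not part of the original post or of the BioMOBY code base. The payload layout, the field names inside `User`, `handle_request` and the in-memory directory standing in for the LDAP server are all assumptions made for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the LDAP server: user ID -> (salt, password hash).
DIRECTORY = {"alice": (b"constructed-salt", _kdf("correct horse", b"constructed-salt"))}

# Constructed request; the field names inside User are assumptions.
SAMPLE = """<MOBY><mobyData>
  <User articleName="user">
    <String articleName="userID">alice</String>
    <String articleName="password">correct horse</String>
    <String articleName="email">alice@example.org</String>
  </User>
  <String articleName="sequence">ATGC</String>
</mobyData></MOBY>"""

def directory_check(user_id, password):
    """Hypothetical verifier; a deployment would do an LDAP bind here instead."""
    salt, stored = DIRECTORY.get(user_id, (b"unknown-user-salt", b""))
    # Same KDF work for unknown users, constant-time comparison of the result.
    return hmac.compare_digest(_kdf(password, salt), stored)

def handle_request(payload, over_tls, verify=directory_check):
    """Return (authenticated, copy of the payload that is safe to log)."""
    if "<!DOCTYPE" in payload:
        raise ValueError("payloads carrying a DTD are rejected")
    root = ET.fromstring(payload)
    fields = {}
    for elem in root.iter("User"):
        for child in elem:
            name = child.get("articleName")
            fields[name] = child.text or ""
            if name == "password":
                child.text = "[REDACTED]"  # never let the secret reach logs
    safe_to_log = ET.tostring(root, encoding="unicode")
    user_id, password = fields.get("userID", ""), fields.get("password", "")
    # Credentials that arrived without HTTPS are refused outright. An empty
    # password is refused too: an LDAP simple bind may treat it as an
    # unauthenticated bind and report success.
    if not over_tls or not user_id or not password:
        return False, safe_to_log
    return verify(user_id, password), safe_to_log
```

Because the credentials travel inside the message body rather than in a transport header, anything that stores or forwards the payload (request logs, workflow provenance) should receive only the redacted copy.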