[MOBY-dev] primitive datatype: Password

Pieter Neerincx pieter.neerincx at gmail.com
Tue Mar 24 13:06:57 UTC 2009 

Hi Sebastian,

Just a few comments/thoughts:

1. There is already a password datatype in the object ontology that  
you can use... It's not a primitive, but I don't see why it would have  
to be. It currently simply inherits from Object. Hence Password ISA  
Object. (There has been some discussion on wether or not to create  
more specialised objects without adding any children, but Password has  
been around for several years now...)

2. Secondaries are something different than Primitives. The Primitives  
are always (part of) primary inputs or outputs and the primitives are  
therefore part of the object ontology. Note that secondary inputs or  
outputs are not part of the object ontology. The secondaries do come  
in exactly the same flavors as the primitives: "String", "Integer",  
"DateTime", "Float", "Boolean". So I can understand the confusion...

Hence with what is currently available you can already use:
* A Password object as primary input.
* A String primitive with the articleName attribute password or  
something similar.
* A secondary input of type String with the articleName attribute  
password or something similar.

There are several services that use similar constructs. They all work  
just fine. The only problem is that there is no standardised mechanism  
for authentication in BioMoby, which is not so user friendly.... A  
standardised mechanism would be nice and having a password and  
optional login/accountname as primaries or secondaries makes sense to  
me. All we would have to do is agree on the object (for primaries) or  
type (for secondaries) and articleName for these.... Theoretically a  
secondary input is optional and a client should be able to leave it  
out. Most secured services will require a password though, so one can  
argue that passwords and logins must be primary inputs. I don't think  
it matters too much. As long as we standardise on something it would  
make it easier for clients to figure out how to do authentication.

There are several people who will probably suggest to handle logins  
and password on a different level. You can do it on the transport  
level, on the web server level, in the SOAP layer or you could use  
WSRF et al. Some of these would be theoretically more elegant, but  
they usually cause more overhead and more time to implement. Doing it  
in BioMoby ourselves is peanuts and gives us more control on how to do  
it: no external dependancies, libraries, etc. So I think handling  
authentication in BioMoby is the more pragmatic solution. My services  
use the Password object for several years now: it was easy to  
implement and works just fine :)

Cheers,

Pi


On 24•Mar•2009, at 10:27 AM, Sebastien Carrere wrote:

> Bonjour a tous,
>
> What do you think about setting a new primitive datatype "Password"  
> in addition to "String", "Integer", "DateTime", "Float", "Boolean"?
>
> We plan to use secondary inputs to control some web-services access  
> (using login/password).
> Defining such a primitive datatype for parameters could be usefull  
> for web interface: we could deal with this kind of parameters as we  
> do with password fields in HTML forms.
>
> What is your point of view ?
>
> Merci,
>
> Sebastien
> <Sebastien_Carrere.vcf>_______________________________________________
> MOBY-dev mailing list
> MOBY-dev at lists.open-bio.org
> http://lists.open-bio.org/mailman/listinfo/moby-dev

-------------------------------------------------------------
Wageningen University and Research centre (WUR)
Laboratory of Bioinformatics
Transitorium (building 312) room 1034

Dreijenlaan 3
6703 HA Wageningen
The Netherlands

phone: +31 (0)6-143 66 783
email: pieter.neerincx at gmail.com
skype: pieter.online
------------------------------------------------------------

More information about the MOBY-dev mailing list