Re: [thredds] [Opendap-tech] OPeNDAP authentication


On Aug 28, 2009, at 11:06 AM, John Caron wrote:

Patrick West wrote:
OPeNDAP/G (Gridded OPeNDAP) currently does not support X509 certificates or authentication. The BES does currently support X509 authentication during connection using SSL. And we are currently developing modifications in the BES to allow for secure connections and secure requests to be sent to the BES, allowing clients to pass along security certificates and store them in the BES to be used on behalf of the client for authorization purposes. This will be especially useful in a gridded environment or where the BES is working in paralellel with other BES processes to handle requests. A module can be written and dynamically loaded into the BES to handle authorization. There is no generic authorization in the BES. I personally haven't tried it, but since the front-end of Hyrax is a tomcat servlet that you can utilize any authentication within tomcat, as is mentioned in another email. To my knowledge, the only client of the BES that supports SSL authentication is the bescmdln (BES Command Line) client, which is mostly a testing client. We are developing a Globus module for the Earth System Grid project that will use the BES authentication. The CEDAR project at UCAR developed a BES plugin to handle simple user authentication, as well as additional response types and a reporting mechanism for data usage tracking.
Patrick West
Rensselaer Polytechnic Institute
Tetherless World Constellation
http://tw.rpi.edu

Hi Patrick:

Could you explain the relationship of a "BES client" vs an "OPeNDAP client" ? Is this the same?

An OPeNDAP client, in the typical example, sends a OPeNDAP URL to a OPeNDAP server. This is the case with the old Server 3 system (CGI) as well as the new Server 4 (Hyrax), where the OLFS acts as the front-end of the Hyrax server. A browser is a client of the OLFS, or the Matlab client, or idl-client, etc... These clients communicate with the OLFS using an OPeNDAP URL. The OLFS takes that URL and builds an XML request document that is then passed to the BES for processing. The OLFS is a client of the BES, in a sense.

A client of the BES communicates with the BES using a OPeNDAP XML request document instead of a OPeNDAP URL.

Patrick




  • 2009 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: