On Aug 28, 2009, at 11:06 AM, John Caron wrote:
Patrick West wrote:
OPeNDAP/G (Gridded OPeNDAP) currently does not support X509
certificates or authentication. The BES does currently support X509
authentication during connection using SSL. And we are currently
developing modifications in the BES to allow for secure connections
and secure requests to be sent to the BES, allowing clients to pass
along security certificates and store them in the BES to be used on
behalf of the client for authorization purposes. This will be
especially useful in a gridded environment or where the BES is
working in parallel with other BES processes to handle requests.
A module can be written and dynamically loaded into the BES to
handle authorization. There is no generic authorization in the BES.
I personally haven't tried it, but since the front-end of Hyrax is
a Tomcat servlet, you can utilize any authentication within
Tomcat, as is mentioned in another email.
To my knowledge, the only client of the BES that supports SSL
authentication is the bescmdln (BES Command Line) client, which is
mostly a testing client. We are developing a Globus module for the
Earth System Grid project that will use the BES authentication.
The CEDAR project at UCAR developed a BES plugin to handle simple
user authentication, as well as additional response types and a
reporting mechanism for data usage tracking.
Patrick West
Rensselaer Polytechnic Institute
Tetherless World Constellation
http://tw.rpi.edu
Hi Patrick:
Could you explain the relationship of a "BES client" vs an "OPeNDAP
client" ? Is this the same?
An OPeNDAP client, in the typical example, sends an OPeNDAP URL to an
OPeNDAP server. This is the case with the old Server 3 system (CGI) as
well as the new Server 4 (Hyrax), where the OLFS acts as the front-end
of the Hyrax server. A browser is a client of the OLFS, or the Matlab
client, or idl-client, etc... These clients communicate with the OLFS
using an OPeNDAP URL. The OLFS takes that URL and builds an XML
request document that is then passed to the BES for processing. The
OLFS is a client of the BES, in a sense.
A client of the BES communicates with the BES using an OPeNDAP XML
request document instead of an OPeNDAP URL.
Patrick