Re: [thredds] OPeNDAP authentication

Hi Philip :)

Kershaw, Philip (STFC,RAL,SSTD) wrote:
> Hi all,
>
> I'm interested in all of this for securing a pyDAP based service.  This looks
> to be what we want in terms of the steps for SSL based authentication:
>
> http://www.unidata.ucar.edu/projects/THREDDS/tech/reference/HTTPsecurityChallenge.html
>
> Although in our case to enable single sign on we would like the authentication to
> be based on the client certificate so that we can support single sign on using
> MyProxy.


We're testing a setup using certificate authentication through Apache instead of using THREDDS or Tomcat, where authentication uses SLCS certificates directly (not proxy, or MyProxy for that matter). How are you incorporating single sign on (assuming this means OpenID or Shibboleth) with client certificates? Or do you mean the MyProxy credential *is* the SSO, and would unlock a certificate that will be used across multiple services (including stuff like GridFTP)?

> Have any of you done much in the way of authentication interoperability tests
> between different client and server implementations?


Nope... We're hoping to keep authentication to either the container or web server so then it would be independent of the underlying webapp. I'm hoping client certificates would *just work* on the standard HTTP clients for the C, Java and Python OPeNDAP client libraries (i.e. curl, httpClient and httplib2(?)). We should be doing some testing soon...

Cheers,

-Pauline.

--
Pauline Mak

Assistant Manager, ARCS Data Services
Ph:  +61 3 6226 7518
Mob: +61 411 638 196
Email: pauline.mak@xxxxxxxxxxx
Jabber: pauline.mak@xxxxxxxxxxx
Calendar: http://tinyurl.com/pmak-arcs-calendar
http://www.arcs.org.au/

TPAC
Email: pauline.mak@xxxxxxxxxxx
http://www.tpac.org.au/
