
Re: thredds access control

Bryan Lawrence wrote:
Hi John

Michael mentioned that the upcoming thredds versions will have access control metadata.

Have you any plans to implement this in such a way that someone could run *one* thredds data server with two or more datasets behind it which had differing access control regimes (i.e. one could limit a specific user's access to only one of the available datasets for example)? If so, how would that interact with Opendap?

Our current plan is to piggyback on the Tomcat security roles and authentication. In that scheme, there can be as many roles as needed.

The plan is to add an accessControl tag to a dataset element in the TDS catalog. This will mean that only users with that Tomcat "role" are allowed to read the dataset or any datasets it contains. Probably, the user will have to have previously logged onto the server and the opendap client will have to be sending the Authenticate header along with the request. The TDS will programmatically check with Tomcat that the user has rights to that role.

This is the plan; there may be some details that get changed when implementing.
I'm hoping to have this working by Dec.

Thanks in advance, Bryan
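
An added example, not part of the original message and not TDS code: a sketch of how a role set on a dataset element carries down to the datasets it contains. The `<accessControl>` child-element syntax, the catalog contents and the role names are constructed assumptions, as are the choices that nested restrictions accumulate rather than override and that unknown paths are denied.

```python
import xml.etree.ElementTree as ET

# Constructed catalog. The <accessControl> child-element form is an assumption;
# the message only says a tag will be added to the dataset element.
CATALOG = """
<catalog>
  <dataset name="public" urlPath="public/sst.nc"/>
  <dataset name="projectA">
    <accessControl>projectA_users</accessControl>
    <dataset name="runs">
      <dataset name="run1" urlPath="projectA/run1.nc"/>
    </dataset>
    <dataset name="embargoed" urlPath="projectA/embargoed.nc">
      <accessControl>projectA_admins</accessControl>
    </dataset>
  </dataset>
  <dataset name="projectB" urlPath="projectB/obs.nc">
    <accessControl>projectB_users</accessControl>
  </dataset>
</catalog>
"""

def required_roles(catalog_xml):
    """Return {urlPath: frozenset of roles a user must hold to read it}."""
    table = {}

    def walk(node, inherited):
        tag = node.find("accessControl")  # direct child of this dataset only
        roles = inherited
        if tag is not None:
            role = (tag.text or "").strip()
            if not role:  # an empty tag must not silently mean "unrestricted"
                raise ValueError("empty accessControl on %r" % node.get("name"))
            roles = inherited | {role}  # a nested tag narrows, never widens
        path = node.get("urlPath")
        if path:
            table[path] = frozenset(roles)
        for child in node.findall("dataset"):
            walk(child, roles)

    for top in ET.fromstring(catalog_xml).findall("dataset"):
        walk(top, frozenset())
    return table

def may_read(table, url_path, user_roles):
    """Default deny for unknown paths; otherwise every required role is needed."""
    # user_roles stands in for the role lookup the servlet container performs.
    needed = table.get(url_path)
    return needed is not None and needed <= set(user_roles)
```

In this model a single server can hold `projectA` and `projectB` side by side, and a user holding only `projectA_users` reads `projectA/run1.nc` but neither `projectB/obs.nc` nor the embargoed file.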

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.