NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
Hi Mike, >Hi Phil (no escaping my mail list lurking!), Great to hear from you :) > >On 14/03/11 19:29, philip.kershaw@xxxxxxxxxx wrote: >> If for example you had a TDS running, there is standard middleware >> for ESG that you could front it with to secure it. If you also had a >> portal for users to sign in to you would almost certainly have a >> MyProxy server configured too. Probably best if I pass on more >> details off listŠ > >Actually, if you have a (reasonably straightforward) howto + caveats, it >might be rather useful to send it to the list. I imagine there are a >lot of people interested in federated logins - we're definitely still >watching this topic at NEODAAS. If you want federated login then you could get this with the Earth System Grid Federation stack. This has been rolled out at a number of organisations. The 'Data Node' includes a TDS configured with security filters for OpenID and PKI based authentication (accepts credentials from a MyProxy server). The 'Gateway' approximates in security terms to an Identity Provider. This includes an OpenID Provider and MyProxy server for OpenID and PKI based single sign on respectively. If you want to get involved and try out the code you could join the lists and get in touch: Gateway: http://mailman.earthsystemgrid.org/mailman/listinfo/esg-gateway-dev Data Node: mailto:majordomo@xxxxxxxxxxxxxx with subscribe esg-node-dev@xxxxxxxxxxxxxx in the body GO-ESSP: http://mailman.ucar.edu/mailman/listinfo/go-essp-tech If you are really after delegation capability - services requesting resources with privileges delegated from a user then you might be interested in the MashMyData project. This builds on ESGF security infrastructure to enable delegation. We are chaining a portal to an OGC Web Processing Service which itself calls ESGF-secured OPeNDAP services. Delegation is done with GSI - proxy certificates. The project is currently underway so it's not at the stage where it's production ready. I've written up some more info about the security model here: http://philipkershaw.blogspot.com/2010/12/mash-my-security-for-mashmydata.h tml Would be great to hear about any other work going on in this area! Cheers, Phil -- Scanned by iCritical.
thredds archives: