airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Marru <sma...@apache.org>
Subject Re: Initial outline of features for 0.6 Airavata release
Date Sun, 11 Nov 2012 13:16:16 GMT
Hi Amila,

>>>> 2. Security framework for Airavata web services
>>>> This is the first introduction of a security framework for working with
>>>> Airavata system. For 0.6 we will have this security framework applied to
>>>> the Registry Rest service. Currently supporting authentication mechanisms
>>>> based on above framework are the following,
>>>> 
>>>> - Basic Authentication [shipped as the default configuration with h2
>>>> back-end]
>>>> - Session Authentication
>> 
>> We first should asses the feasibility and implementation on adding security modules
into the release. Since they are in the sandbox now, probably a good time to merge them into
trunk and brainstorm how this will impact tutorials and so forth. I see an open JIRA's on
this - AIRAVATA-560.
> 
> +1.
> 
> Let me further explain about the security framework. The security
> framework is mainly focusing on the REST service interface. Using this
> security framework we can build implementations to handle various
> protocols, such as BasicAuth, OAuth, NTLM etc ... Also using security
> framework we can implement plugins to connect to various user stores
> such as databases, LDAP server, external web services etc ...
> As per now we have following protocol implementations,
> 1. Basic Auth
> 2. Session Ticket
> 
> We have following user store connecters,
> 1. Database
> 2. LDAP
> 
> In addition to above, using the framework, users can implement their
> own protocol implementations and user store implementation.
> Users are required to modify a configuration file called
> authenticator.xml inorder to enable security. I will write a tutorial
> on this.
> 
> Further for demonstrating purpose we will be creating a user table in
> our default database (Derby) and use that for authenticating users.
> Also we will provide an interface to register new users.
> 
> Further feedback appreciated.

This sounds like a good plan. Just want to clarify, your current plan is to enable security
for the registry service rest interface right? I would personally prefer smaller increments
of releases until we get to 1.0. So it will be good to confine the release 0.6 to Registry
service interface and the security additions you propose. 

Please try and submit patches in multiple well defined JIRA's, so the dev's can review in
and follow your security implementations. 

Thanks for your contributions,
Suresh


Mime
View raw message