airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amila Jayasekara <thejaka.am...@gmail.com>
Subject Re: Gateway id in airavata request
Date Thu, 22 Nov 2012 21:10:25 GMT
Hi Suresh,

How should we associate gateway id with user id if user store resides
outside of Airavata ?

Is it ok to assume that a gateway id is associated with a single
external user store ? In that case we can associate gateway id with
the user store configuration.

Thanks
Amila

On Thu, Nov 22, 2012 at 2:26 PM, Suresh Marru <smarru@apache.org> wrote:
> On Nov 22, 2012, at 1:10 PM, Amila Jayasekara <thejaka.amila@gmail.com> wrote:
>
>> Hi Suresh,
>>
>> I do prefer gateway DNS name formats such as "gateway.airavata.org"
>> (Due to its simplicity compared to entity ids).
>
> I did not pay attention to the SAML requirements for entity id's as discussed in the
links I sent earlier. But if it doesn't matter, I am + 1 for using "gateway.airavata.org",
this looks much more elegant.
>
> Suresh
>
>> But in either case
>> there wont be any changes to the logic we are doing at authentication
>> stage. Maybe we need to further investigate to figure out what is most
>> appropriate as a gateway id.
>>
>> Thanks
>> Amila
>>
>> On Thu, Nov 22, 2012 at 12:41 PM, Suresh Marru <smarru@apache.org> wrote:
>>> On Nov 22, 2012, at 12:25 PM, Amila Jayasekara <thejaka.amila@gmail.com>
wrote:
>>>
>>>> Hi All,
>>>>
>>>> We need to send gateway name together with user name for
>>>> authentication at Airavata service level. We are thinking of using
>>>> following syntax for this,
>>>>
>>>> username@gatwayId
>>>>
>>>> So "@" will be a separator for gateway id and user name. In addition
>>>> we do authentication based on the gateway id. I am planning to
>>>> incorporate this change to existing security implementation. If you
>>>> have any objections/feedback please let us know.
>>>
>>> Hi Amila,
>>>
>>> Yes this sounds fine to me. But it will work under the assumption of gateway
id being unique. May be we can maintain a wiki page with registered gateway id's. Can you
please refer to [1] which discuss this issues of mapping end users with gateway identifiers.
>>>
>>> If you refer to examples at [2], are you proposing to create Entity ID's or Gateway
DNS Domain in the format gateway.airavata.org?
>>>
>>> Cheers,
>>> Suresh
>>>
>>> [1] - http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes
>>> [2] - http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes_Status
>>>
>>>
>

Mime
View raw message