Return-Path: X-Original-To: apmail-airavata-dev-archive@www.apache.org Delivered-To: apmail-airavata-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9C808DBE2 for ; Thu, 22 Nov 2012 19:26:06 +0000 (UTC) Received: (qmail 75975 invoked by uid 500); 22 Nov 2012 19:26:06 -0000 Delivered-To: apmail-airavata-dev-archive@airavata.apache.org Received: (qmail 75937 invoked by uid 500); 22 Nov 2012 19:26:06 -0000 Mailing-List: contact dev-help@airavata.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@airavata.apache.org Delivered-To: mailing list dev@airavata.apache.org Received: (qmail 75925 invoked by uid 99); 22 Nov 2012 19:26:06 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Nov 2012 19:26:06 +0000 Received: from localhost (HELO [10.0.1.5]) (127.0.0.1) (smtp-auth username smarru, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Nov 2012 19:26:06 +0000 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) Subject: Re: Gateway id in airavata request From: Suresh Marru In-Reply-To: Date: Thu, 22 Nov 2012 14:26:05 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <12533F25-F176-4505-8F5B-AAE66A6F5C6E@apache.org> References: <94ED520E-0DCC-4D05-9B29-0496C8664EFE@apache.org> To: dev@airavata.apache.org X-Mailer: Apple Mail (2.1499) On Nov 22, 2012, at 1:10 PM, Amila Jayasekara = wrote: > Hi Suresh, >=20 > I do prefer gateway DNS name formats such as "gateway.airavata.org" > (Due to its simplicity compared to entity ids). I did not pay attention to the SAML requirements for entity id's as = discussed in the links I sent earlier. But if it doesn't matter, I am + = 1 for using "gateway.airavata.org", this looks much more elegant.=20 Suresh > But in either case > there wont be any changes to the logic we are doing at authentication > stage. Maybe we need to further investigate to figure out what is most > appropriate as a gateway id. >=20 > Thanks > Amila >=20 > On Thu, Nov 22, 2012 at 12:41 PM, Suresh Marru = wrote: >> On Nov 22, 2012, at 12:25 PM, Amila Jayasekara = wrote: >>=20 >>> Hi All, >>>=20 >>> We need to send gateway name together with user name for >>> authentication at Airavata service level. We are thinking of using >>> following syntax for this, >>>=20 >>> username@gatwayId >>>=20 >>> So "@" will be a separator for gateway id and user name. In addition >>> we do authentication based on the gateway id. I am planning to >>> incorporate this change to existing security implementation. If you >>> have any objections/feedback please let us know. >>=20 >> Hi Amila, >>=20 >> Yes this sounds fine to me. But it will work under the assumption of = gateway id being unique. May be we can maintain a wiki page with = registered gateway id's. Can you please refer to [1] which discuss this = issues of mapping end users with gateway identifiers. >>=20 >> If you refer to examples at [2], are you proposing to create Entity = ID's or Gateway DNS Domain in the format gateway.airavata.org? >>=20 >> Cheers, >> Suresh >>=20 >> [1] - = http://www.teragridforum.org/mediawiki/index.php?title=3DScience_Gateway_C= redential_with_Attributes >> [2] - = http://www.teragridforum.org/mediawiki/index.php?title=3DScience_Gateway_C= redential_with_Attributes_Status >>=20 >>=20