From: "Mattmann, Chris A (388J)"
To: "dev@oodt.apache.org"
Date: Fri, 13 Jan 2012 10:24:36 -0800
Subject: Re: Single Sign-on

Hi BW,

It's currently implemented in multiple fashions and I think it's best to talk specifics in order to properly respond. I'll stick to the delineation of components between the data processing/computational components, versus the information integration ones.

Data Processing:

File Manager - SSO is implemented by extending the XML-RPC with a secure handler. Sean Kelly implemented such a handler [1] using Jython/Java that you can check out as an example. That's an example of locking down the actual XML-RPC service with an SSO-type capability.

A similar approach could be taken (but hasn't yet) for the actual Workflow Manager and Resource Manager services. Instead, we typically just front these services with an app server like Tomcat, and let Tomcat plug in to LDAP for SSO.

In our web applications that sit on top of Data Processing (or "PCS") services, we use this framework [2], called CAS-SSO. It's currently integrated into CAS-curator, and into our OODT Balance web applications framework.

Information Integration:

Since Web Grid runs in a Java server environment like Tomcat, we simply rely on integration with LDAP, here, or by extending the Web Grid container in a similar fashion as to how Sean Kelly implemented for XML-RPC in [1].

OK hope that helps!

Cheers,
Chris

[1] http://svn.apache.org/repos/asf/oodt/trunk/filemgr/src/main/python
[2] http://svn.apache.org/repos/asf/oodt/trunk/sso

On Jan 13, 2012, at 9:49 AM, B W wrote:

> How is Single Sign-on implemented for oodt?
>
> BW
>
> On Jan 12, 2012, at 8:53 PM, "Mattmann, Chris A (388J)" wrote:
>
>> Hi BW:
>>
>> In the current model, it's not done at all. The QueryServlet doesn't really exist
>> since the advent of Web-Grid for the information integration components:
>>
>> http://oodt.apache.org/components/maven/grid/
>>
>> Check out the slides from Sean Kelly on that site, that describes web grid.
>> Basically instead of the query server/servlet, we opted for a more REST
>> service oriented style where users consume profile and product server
>> end points via the Web Grid substrate.
>>
>> Does that help?
>>
>> Cheers,
>> Chris
>>
>> On Jan 12, 2012, at 8:50 PM, B W wrote:
>>
>>> Correct me if I'm wrong, an initial query is posted via a user agent
>>> browser to a servlet for the Query Service then:
>>> The messaging layer broadcasts the query to registered Profile Services
>>> that are running?
>>> Is this done via XML-RPC or posting to the servlets on the Profile Servers?
>>>
>>>
>>> I'm trying to figure out the whole thread.
>>>
>>> Thx.
>>>
>>> On Thu, Jan 12, 2012 at 8:22 PM, Mattmann, Chris A (388J) <chris.a.mattmann@jpl.nasa.gov> wrote:
>>>
>>>> Hey Sean,
>>>>
>>>>>
>>>>> The ebXML model is one of the least egregious for a registry that I've
>>>>> seen, and believe me, I've seen some nasty ones. But what makes JPL's
>>>>> implementation so compelling is its JSON-esque and ReST-ful based API,
>>>>> which, as far as I can tell, is totally original within the ebXML & OASIS
>>>>> worlds.
>>>>>
>>>>> Normally I turn my nose up to heavy-handed models with entrenched APIs,
>>>>> but the singular achievement of JPL is to make the ebXML model, which
>>>>> conceptually isn't byzantine, actually usable, approachable, and extendable.
>>>>
>>>> Super +1.
>>>>
>>>>>
>>>>> Is there any hope we can get JPL, Caltech, and NASA to give it up to
>>>>> become part of OODT? Or its own Incubator project?
>>>>
>>>> I think Hardman is working on it, he can feel free to comment (or not)
>>>> here ^_^
>>>>
>>>> Cheers,
>>>> Chris
>>>>
>>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>> Chris Mattmann, Ph.D.
>>>> Senior Computer Scientist
>>>> NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
>>>> Office: 171-266B, Mailstop: 171-246
>>>> Email: chris.a.mattmann@nasa.gov
>>>> WWW: http://sunset.usc.edu/~mattmann/
>>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>> Adjunct Assistant Professor, Computer Science Department
>>>> University of Southern California, Los Angeles, CA 90089 USA
>>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
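
Added example, not part of the original thread and not OODT's own handler: one way to lock down an XML-RPC service with a secure handler, as the reply above describes for the File Manager. It assumes HTTP Basic credentials and a pluggable `verify` function standing in for an LDAP bind; `SecureHandler`, `authorize`, `verify`, `make_server` and `SAMPLE_USERS` are hypothetical names.

```python
import base64
import hmac
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer

# Constructed sample directory; a real deployment would replace verify()
# with a bind against the site's LDAP or SSO service (assumption).
SAMPLE_USERS = {"alice": "correct horse"}


def verify(user, password):
    """Compare in constant time, even when the user is unknown."""
    expected = SAMPLE_USERS.get(user, "")
    matches = hmac.compare_digest(password.encode(), expected.encode())
    return matches and user in SAMPLE_USERS


def authorize(header, verifier=verify):
    """Return the authenticated user for a Basic header, else None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user if verifier(user, password) else None


class SecureHandler(SimpleXMLRPCRequestHandler):
    """Refuses to dispatch any call without valid credentials (use behind TLS)."""

    def do_POST(self):
        if authorize(self.headers.get("Authorization")) is None:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="xmlrpc"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        super().do_POST()


def make_server(port=0):
    """Loopback-only server whose methods all sit behind SecureHandler."""
    server = SimpleXMLRPCServer(("127.0.0.1", port),
                                requestHandler=SecureHandler, logRequests=False)
    server.register_function(lambda: "ok", "ping")
    return server
```

Because the check runs in `do_POST` before the XML body is parsed, an unauthenticated caller never reaches method dispatch.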