- To: Pauline Mak <pauline.mak@xxxxxxxxxxx>
- Subject: Re: [thredds] [Opendap-tech] OPeNDAP authentication
- From: Patrick West <pwest@xxxxxxxxxxx>
- Date: Fri, 28 Aug 2009 10:36:27 -0400
OPeNDAP/G (Gridded OPeNDAP) currently does not support X509
certificates or authentication. The BES does currently support X509
authentication during connection using SSL. And we are currently
developing modifications in the BES to allow for secure connections
and secure requests to be sent to the BES, allowing clients to pass
along security certificates and store them in the BES to be used on
behalf of the client for authorization purposes. This will be
especially useful in a gridded environment or where the BES is working
in paralellel with other BES processes to handle requests. A module
can be written and dynamically loaded into the BES to handle
authorization. There is no generic authorization in the BES.
I personally haven't tried it, but since the front-end of Hyrax is a tomcat servlet that you can utilize any authentication within tomcat, as is mentioned in another email.
To my knowledge, the only client of the BES that supports SSL authentication is the bescmdln (BES Command Line) client, which is mostly a testing client. We are developing a Globus module for the Earth System Grid project that will use the BES authentication.
The CEDAR project at UCAR developed a BES plugin to handle simple user authentication, as well as additional response types and a reporting mechanism for data usage tracking.
Patrick West Rensselaer Polytechnic Institute Tetherless World Constellation http://tw.rpi.edu On Aug 27, 2009, at 6:47 PM, Pauline Mak wrote:
Hi all,Is there any documentation on OPeNDAP/G, or THREDDS with X509 documentation? We're interested in using authentication (and naturally, authorisation) for some of our datasets. I would like to see if I can do a test setup over here, but I can't seem to find any documentation on doing this... Interestingly, does OPeNDAP client libraries already support this?Thanks! -Pauline. -- Pauline Mak Assistant Manager, ARCS Data Services Ph: +61 3 6226 7518 Mob: +61 411 638 196 Email: pauline.mak@xxxxxxxxxxx Jabber: pauline.mak@xxxxxxxxxxx http://www.arcs.org.au/ TPAC Email: pauline.mak@xxxxxxxxxxx http://www.tpac.org.au/ _______________________________________________ opendap-tech mailing list opendap-tech@xxxxxxxxxxx http://mailman.opendap.org/mailman/listinfo/opendap-tech
- Follow-Ups:
- Re: [thredds] [Opendap-tech] OPeNDAP authentication
- From: John Caron
- Re: [thredds] [Opendap-tech] OPeNDAP authentication
- References:
- [thredds] OPeNDAP authentication
- From: Pauline Mak
- [thredds] OPeNDAP authentication