Hi Devs, Before we go in to production with Airavata, we need to finish the user management support with reasonably good features. Currently we do not allow to create new users in the system since Jackrabbit doesn't support users when we access Jackrabbit in RMI mode. I prefer implementing our own user management on top of Jackrabbit so that we have our control over it. I am suggesting an approach of implementing user management with following structure.
1. During the gateway deployment we deploy Jackrabbit with hidden user name password which is not accessible for XBaya users or GFac Users. 2. When the real user (XBaya user) want to registry there is a user management Service hosted for each Gateway so that users can register them selves with their credentials. When user register them we create a top level node for that users and store their credentials on that top leve node. (During the storing of the credentials we do not have to store in them in plain text, Gateway deployer can implement a handler to encrypt the password before storing/retrieving the password.. so this implementation can be deployment specific, for the time being we can implement a sample handler for this). So when we store Inputs/Outputs and all the provenance data we store under the root level user node (Currently we store under root node). 3. There is another Service which is secured from end users but allowed to access only for Gateway admin who can manage users with basic user management features. 4. During the descriptor registration users can make them public.. if they make them public we do not store those information under users root node but we put them in to Public Node. During xbaya loading we pull the users specific descriptors and public descriptors. That public Node can be accessed only if user provide user specific public credentials. WDYT ? Lahiru -- System Analyst Programmer PTI Lab Indiana University
