*Following is a result of a discussion last week on how we could use Apache Rave to manage Authentication for Airavata.*
There will be 2 servers. An Airavata server & a Rave portal hosted on 2 Tomcat servers where each configured to trust the SSL certs of the other. - Airavata Server will expose the Airavata API (under construction) Airavata API - has Airavata related tasks available for 3rd party clients (eg: registry access, workflow execution/monitoring etc.) - Using Rave, 1. Authentication for Airavata users (Airavata doesn't handle this yet) 2. A portal for the XBaya web application - Rave exposes the same Airavata API but with authentication headers. 3rd party clients should use this instead of the API exposed in Airavata server. Once Rave performs proper authentication, the request is forwarded to the Airavata Client module. - The Airavata Client module (a controller in Rave) invokes the Airavata API in the Airavata Server. Airavata Server will only accept requests coming from this Rave instance. - After authentication, XBaya gadgets can also directory work with the Airavata Client to perform its' tasks. This is just a sketch of an idea. Any thoughts? *Note: *the Airavata Server can be considered as the collection of following services GFac Service Workflow interpreter service XBaya Service msgbox service msgbroker service Thanks & Regards, Saminda
