On 13 Apr 2010, at 17:48, Jim Procter wrote: > Thanks for posting this, Andy. > > > On 13/04/2010 14:44, Andy Jenkinson wrote: >> Afterwards, two proposals emerged: firstly, that the DAS specification make >> a simple recommendation to use existing HTTP digest authentication, leaving >> DAS software to implement the components independently. Secondly, a >> DAS-specific delegated authentication model based around a trusted third >> party (probably the DAS registry) as the identity provider. >> >> Each proposal has its own advantages and disadvantages in terms of both >> security and implementation considerations which we now need to debate >> within the community before we come up with a recommendation, so I have >> summarised both proposals on the wiki: >> http://www.biodas.org/wiki/DAS1.6E#Authentication >> > I didn't participate in the fine details of the discussion last friday, but I > wondered afterwards if anyone had considered adopting the Globus > authentication model. Grid based authentication for programmatic web services > has now been around for a number of years in a number of guises (the Globus > toolkit is the one I know of), and may already address all the requirements > and concerns raised at the meeting. > > My 2c.. > Jim. > > ps. I can point out some people who may be worth approaching regarding Globus > or Shibboleth style third-party ident/auth middleware if people wish.
Definitely worth a shout, I'll do some research. _______________________________________________ DAS mailing list [email protected] http://lists.open-bio.org/mailman/listinfo/das
