Hi Suresh, How should we associate gateway id with user id if user store resides outside of Airavata ?
Is it ok to assume that a gateway id is associated with a single external user store ? In that case we can associate gateway id with the user store configuration. Thanks Amila On Thu, Nov 22, 2012 at 2:26 PM, Suresh Marru <[email protected]> wrote: > On Nov 22, 2012, at 1:10 PM, Amila Jayasekara <[email protected]> wrote: > >> Hi Suresh, >> >> I do prefer gateway DNS name formats such as "gateway.airavata.org" >> (Due to its simplicity compared to entity ids). > > I did not pay attention to the SAML requirements for entity id's as discussed > in the links I sent earlier. But if it doesn't matter, I am + 1 for using > "gateway.airavata.org", this looks much more elegant. > > Suresh > >> But in either case >> there wont be any changes to the logic we are doing at authentication >> stage. Maybe we need to further investigate to figure out what is most >> appropriate as a gateway id. >> >> Thanks >> Amila >> >> On Thu, Nov 22, 2012 at 12:41 PM, Suresh Marru <[email protected]> wrote: >>> On Nov 22, 2012, at 12:25 PM, Amila Jayasekara <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> We need to send gateway name together with user name for >>>> authentication at Airavata service level. We are thinking of using >>>> following syntax for this, >>>> >>>> username@gatwayId >>>> >>>> So "@" will be a separator for gateway id and user name. In addition >>>> we do authentication based on the gateway id. I am planning to >>>> incorporate this change to existing security implementation. If you >>>> have any objections/feedback please let us know. >>> >>> Hi Amila, >>> >>> Yes this sounds fine to me. But it will work under the assumption of >>> gateway id being unique. May be we can maintain a wiki page with registered >>> gateway id's. Can you please refer to [1] which discuss this issues of >>> mapping end users with gateway identifiers. >>> >>> If you refer to examples at [2], are you proposing to create Entity ID's or >>> Gateway DNS Domain in the format gateway.airavata.org? >>> >>> Cheers, >>> Suresh >>> >>> [1] - >>> http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes >>> [2] - >>> http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes_Status >>> >>> >
