As a RESTful API is being defined for OpenWFE, there are several issues to address: 1. It needs to follow AtomPub standard and its discovery capability (service document) 2. it needs to address Identity 2.0. Users need to be authenticated (within a federated environment) and users need to be able to delegate their authorities to workflows so they can act on their behalf (access other web services on other sites for example)
Here is the result of our current research http://blog.geobliki.com/articles/2007/11/25/workflows-restful-ogc-services-and-identity-2-0 1. OpenID 2.0 for user authentication. This would be really easy to add to Densha using JanRain libraries. 2. Delegation of Authority can be done with OAuth 1.0 3. Access Control to restrict user access to specific resources. some people may use LDAP or ActiveRBAC or whatever else... The workflow instance (or process) is the consumer trying to access the data provider. I suppose that we can consider the engine being the consumer. This will require the engine to register at various sites and exchange a secret. Workflow instance needs to carry along the user openid (or identity url) It is likely that a specific participant would be designed to handle that interface and deal with this. This works fairly well with AtomPub. The engine is itself a service so users would need the capability to create/read/update/delelete resources securely. I would love to see a concordance in that area from a greater community for interoeprability. Cheers, Pat. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenWFEru dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/openwferu-dev?hl=en -~----------~----~----~----~------~----~------~--~---
