Hi Wim, Wim De Smet wrote: > Hi Alexandra, > > So first off, does this mean the security field you can see on > processors in T2 are not applicable atm? Correct, the 'isSecure' field you've seen on a WSDL processor is set to false at the moment. There is a GUI to configure security properties, but not included in any of the released versions. > > In any case, I've only partially implemented this so my services > aren't expecting much yet, but since authentication is really all we > need I'd like to keep it as simple as possible. The data we're giving > out is all freely available. The services however are still in a test > phase and will in the future allow updating of certain user-specific > data. For this we need to know who users are but we're not terribly > interested in encrypting data. > > I figured HTTP auth would be the easiest option to support, but I'd be > interested in arguments for choosing WS-security profiles over this > one. I'd rather not have to resort to using API keys in methods or > something similar if I don't have to. Yeas, I suppose HTTP Auth over https is probably the best (easiest) option from Taverna's standpoint. WS-Security from Taverna is a bit messy :-). > > Couldn't you autodetect http auth btw? Wait till the first connection > throws a HTTP 401, prompt for a username/password, update all > processors for that endpoint with the security information? That would be possible. However, if you have a long running workflow and the service requiring authentication is at the 'bottom' and the user leaves it to run, he/she might get a pop-up and block further workflow execution until the user comes back to insert his/her username and password. So pre-configuring such a service may be better. Also, if you are running a workflow on a remote Taverna execution server, you'd have to preconfigure the workflow with all the necessary data. On the other hand, what you said would probably be easier for the user as they would not have to do any service configuration from Taverna and would just be prompted for the username and password when needed. It's definitely something to consider supporting in Taverna.
Cheers, Alex > > regards, > Wim > > Alexandra Nenadic wrote: >> Hi Wim, >> >> We did some (unfortunately undocumented) work on supporting various >> authentication methods for WSDL services - HTTP authentication as >> well as WS-Security profiles. Most of the work is still in the >> prototype stage and has not made it to the Taverna 2.1 beta. Also >> most of the WSDL services that people use in the workflows are not >> secure and are publicly available. The biggest problem for us, from >> Taverna's standpoint, is discovering what 'kind' of security a >> service expects as services do not seem to be using WS-Policy or some >> other means for telling the client what kind of credentials to send >> to the service etc. so the user has to configure it manually on the >> Taverna' side. Some work has been done on the UI for describing >> 'security properties' of WSDL services, however this is pretty hard >> for ordinary users and error prone. On the other hand, there is a >> growing demand for security support and this is something we'll >> definitely have a look very soon. >> Is HTTP Auth over https the only type of security your services are >> expecting or you have a variety of security 'profiles'? It is always >> good for us to have real life use cases as it is easier to add >> support in Taverna for something that is really been used and is >> needed in real life. >> >> Cheers, >> Alex >> >> >> Wim De Smet wrote: >> >>> Hi all, >>> >>> I'm having some trouble finding more info on the Taverna 2 security >>> support. Specifically I was wondering about what authentication >>> methods supports. Is it just WS-Security profiles or is there >>> support for HTTP authentication methods too? If so, which ones? >>> >>> regards, >>> Wim >>> >> >> > -- ..................................... Dr Alexandra Nenadic Research Associate, myGrid Project School of Computer Science University of Manchester Web: http://www.cs.man.ac.uk/~nenadic Office: +44 (0)161 275 0672 Fax: +44 (0) 161 275 6204 ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ taverna-users mailing list [email protected] [email protected] Web site: http://www.taverna.org.uk Mailing lists: http://www.taverna.org.uk/taverna-mailing-lists/
