Science Environment for Ecological Knowledge
Ecoinformatics site parent site of Partnership for Biodiversity Informatics site parent site of SEEK - Home
Science Environment for Ecological Knowledge








 

 

 

Eco Grid Auth Design
Your trail: StatusReport21June2004 | StatusReport14June2004 | StatusReport08June2004 | BEAM | EducationOutreachandTrainingTeam | Usability | SEEKSpecificKeplerItems | BeamKnowledgeRepSept04 | BeamKnowledgeRepJan04 | EcoGridRegistryDesign

This is version 3. It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

In order to allow access to private or protected EarthGrid data (via Kepler, for instance) some of the services have been modified.

New search and retrieval methods

  • EcoGridQuery
    • authQuery
    • authGet

These methods take an additional credential parameter. The credential should be returned by a successful call to the EcoGridAuthLevelOneService login method.

Modified Registry Entry records

Currently there is not a good way to associate services that are in the Registry as related to each other. For example, there is no way to explicitly say that "authenticationService123" should be used to authenticate before querying "queryService345". It would be nice to group services that are deployed on the same node as a cluster. A proposed change to the EcogridRegEntryType (xsd):
  • add 'clusterName' element to each registry entry. It would then be the responsibility of any consuming app (Kepler) to group those for use with a shared authentication service (just another service that is part of the cluster).

Kepler and the Registry

Kepler has an AuthenticationManager feature that uses a notion of "authentication domains" to manage authentication for EarthGrid services (and, I believe, other authentication tasks yet TBD). There's talk of using the registry to also store these authentication domains, but there exists some overlap with the service definitions and the authentication domain definition (endpoints, essentially).
One approach would be to embed an authenticationDomain element within each Ecogrid service defined in the registry. This would tell Kepler exactly how (and where) to authenticate before using the methods that require authentication credentials. But it's somewhat redundant to have the authentication domain included for every service listed in the registry (not to mention super kepler-specific). There is a meeting scheduled for 01/16/2008 1 pm PST where more concrete decisions can be made about these authentication modifications.


Go to top   More info...   Attach file...
This particular version was published on 14-Jan-2008 11:11:06 PST by uid=leinfelder,o=NCEAS.


This material is based upon work supported by the National Science Foundation under award 0225676. Any opinions, findings and conclusions or recomendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).

LTER Logo
Long Term Ecological Research Network, UNM National Center for Ecological Analysis and Synthesis, UCSB Biodiversity Research Center, KU San Diego Supercomputer Center, UCSD
 
Arizona State University Napier University University of North Carolina University of Vermont
 
UC Davis Genome Center

Copyright 2004 Partnership for Biodiversity Informatics, University of New Mexico, The Regents of the University of California, and University of Kansas