Changes between Version 16 and Version 17 of ESGF


Ignore:
Timestamp:
14/12/10 13:40:24 (9 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ESGF

    v16 v17  
    2525Applications are secured with an authorisation filter, middleware to intercept incoming requests and refer authorisation decisions to an Authorisation Service over a SAML/SOAP interface.  This is true of GridFTP and HTTP based services such as TDS.  These services are hosted on a Data Node.  Any number of Data Nodes can link to a Authorisation Service hosted at a Gateway. 
    2626 
    27 The diagram below shows the configuration for securing a Python based OPeNDAP service, PyDAP along with an Authorisation Service.  The service shown uses a XACML based authorisation engine.  There is just an example and there is no standard authorisation engine for ESGF, only it must adhere to the SAML interface and support role based access control.  The interfaces to the box constitute the ESGF authorisation interface whilst the contents show the XACML specific implementation written for NDG Security. 
     27The diagram below shows the configuration for securing a Python based OPeNDAP service, PyDAP along with an Authorisation Service.  The service shown uses a XACML based authorisation engine.  There is just an example and there is no standard authorisation engine for ESGF, only it must adhere to the SAML interface and support role based access control.  The interfaces to the "CEDA Authorisation Service" component constitute the ESGF authorisation interface whilst the contents show the XACML specific implementation written for NDG Security. 
    2828 
    2929[[Image(source:TI12-security/trunk/NDGSecurity/documentation/ESGF/PyDAPAuthorisation.png)]]