| 17 | 1. The Portal links the OpenID account to an ESG !MyProxy server from which to obtain credentials. This is to allow for the fact that the user is not registered with ESG: they have an OpenID but no means of obtaining the SSL certificate required by some of the services for authentication. More details are needed: if the user is not registered with ESG, what is the link between the !MyProxy account and the external OpenID account? Does the user need to authenticate twice: once with OpenID and once to obtain the !MyProxy credentials? An initial registration stage is implied, to register the user so that they can get a short-term certificate from an ESG !MyProxy server. |
| 18 | 1. The user makes a request which initiates a WPS job. |
| 19 | 1. The Portal anticipates that the WPS and possibly other services at CEDA will require delegated credentials, so it performs a myproxy-init to upload a new proxy certificate to the CEDA !MyProxy server, specifying that the WPS and any other data access service at CEDA have permission to obtain delegated credentials from it. |
| 20 | 1. The Portal makes a call to the WPS but receives an authentication challenge response. |
| 21 | 1. It retries, this time passing the credentials it has cached from the call to the ESG !MyProxy server (see step 2). |
| 22 | 1. The WPS accepts the user credentials passed in the Portal request and initiates the job. This job entails calling a TDS at CEDA. |
| 23 | 1. The WPS gets an authentication challenge response, so it calls the CEDA !MyProxy server to obtain a credential. |
| 24 | 1. The CEDA !MyProxy server grants the request since a credential was uploaded previously (step 4) and this credential may be delegated to the WPS. |
| 25 | 1. The WPS retries its call to the TDS using the proxy certificate obtained. |
| 26 | 1. The TDS accepts the proxy credential and returns the requested data. |
| 27 | 1. The WPS completes its job and returns a response to the Portal. |
| 28 | 1. The Portal sends a response to the user's browser. |
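
The delegation part of this flow (the upload in step 4, then the WPS's challenge-and-retry against the TDS), modelled in Python as an added example; it is not code from this page or from MyProxy. It assumes the retriever policy is an exact-match list of service DNs and uses plain dicts in place of X.509 proxy certificates; all class, function and DN names are hypothetical.

```python
# Toy model of the delegation flow: no real MyProxy, X.509 or network I/O.
# All names, DNs and the dict-based "credential" are assumptions for illustration.

class MyProxyServer:
    def __init__(self):
        self._store = {}  # username -> (subject, allowed retriever DNs, expiry)

    def init(self, username, subject, retrievers, expires):
        # Models myproxy-init: upload a credential and state who may retrieve it.
        self._store[username] = (subject, frozenset(retrievers), expires)

    def get_delegation(self, username, requester_dn, now):
        # Models a service requesting a delegated credential for the user.
        if username not in self._store:
            raise PermissionError("no credential uploaded for this user")
        subject, retrievers, expires = self._store[username]
        if now >= expires:
            raise PermissionError("uploaded credential has expired")
        if requester_dn not in retrievers:
            raise PermissionError("requester is not an authorised retriever")
        return {"subject": subject, "holder": requester_dn, "expires": expires}

def tds_get(credential, now):
    # The TDS challenges calls with no credential or an expired one.
    if credential is None or now >= credential["expires"]:
        return 401, None
    return 200, "dataset for " + credential["subject"]

def wps_job(myproxy, username, wps_dn, now):
    status, body = tds_get(None, now)            # first call is challenged
    if status == 401:
        cred = myproxy.get_delegation(username, wps_dn, now)
        status, body = tds_get(cred, now)        # retry with the delegated proxy
    return status, body

# Constructed sample values.
WPS_DN = "/O=Example/CN=wps.ceda.example"
OTHER_DN = "/O=Example/CN=unlisted.example"

def demo():
    server = MyProxyServer()
    server.init("alice", "/O=Example/CN=alice", [WPS_DN], expires=1000)
    return wps_job(server, "alice", WPS_DN, now=10)

if __name__ == "__main__":
    print(demo())
```

A service whose DN was not named at upload time, or any request made after the uploaded credential expires, is refused by the server rather than by the TDS.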