Changes between Version 6 and Version 7 of MashMyData/MyProxy


Timestamp: 12/07/10 14:13:40 (9 years ago)
Author: pjkersha
Comment:

--

  • MashMyData/MyProxy

    v6 v7  
    1515=== Process === 
    1616 1. The user signs in at the portal using OpenID (deliberately shown compressed into a single step for simplicity). 
    17  1. The Portal links the OpenID account to an ESG !MyProxy server from which to obtain credentials.  This is to allow for the fact that the user is not registered with ESG: they have an OpenID but no means of obtaining an SSL certificate required by some of the services for authentication. More details are needed: if the user is not registered with ESG, what is the link between the !MyProxy account and the external OpenID account?  Does the user need to authenticate twice: once with OpenID and once to obtain the !MyProxy credentials?  An initial registration stage is implied to register the user so that they can get a short term certificate from an ESG !MyProxy server. 
     17 1. The Portal links the OpenID account to an ESG !MyProxy server from which to obtain credentials.  This is to allow for the fact that the user is not registered with ESG: they have an OpenID but no means of obtaining an SSL certificate required by some of the services for authentication. More details are needed for this: if the user is not registered with ESG, what is the link between the !MyProxy account and the external OpenID account?  Does the user need to authenticate twice: once with OpenID and once to obtain the !MyProxy credentials?  An initial registration stage is implied to register the user so that they can get a short term certificate from an ESG !MyProxy server. 
    1818 1. The user makes a request which initiates a WPS job. 
    1919 1. The Portal anticipates that the WPS and possibly other services at CEDA will require delegated credentials so it performs a myproxy-init to upload a new proxy certificate to the CEDA !MyProxy server specifying that the WPS and any other data access service at CEDA has permissions to obtain delegated credentials from it.
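
Review bot: The reworded step at line 17 still leaves the account binding undefined: "More details are needed for this" does not say which of the questions that follow it refers to, and neither the link between the !MyProxy account and the external OpenID account nor whether the user authenticates twice is answered. Since that binding determines who can obtain a short term certificate from the ESG !MyProxy server, suggest writing the implied initial registration stage as its own numbered step and moving the remaining questions out of the process list into a separate open-issues note. In the unchanged step at line 19, "the WPS and any other data access service at CEDA" is open-ended; it would help to name the services that are permitted to obtain the delegated credentials.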