Changes between Version 3 and Version 4 of MashMyData/OAuth
Timestamp: 05/07/10 16:07:59
Author: pjkersha
Comment: --

  • MashMyData/OAuth

    v3 v4  
    22 
    33== Sequence == 
     4=== Actors === 
     5 1. User 
     6 1. User's browser 
     7 1. !MashMyData web portal application 
     8 1. Portal Trust Registry: a registry containing a list of trusted services one per user.  These are services which the user has previously agreed to delegate to act on their behalf.  Trust settings could be set with an expiry.  For the purposes of this project, this service could be co-located with the portal.  For production use it would be likley to be associated with the user's IdP (Identity Provider) 
     9 1. CEDA WPS (OGC Web Processing Service): this will execute a job for the portal on behalf of the user.  The job involves pulling data from another service, a TDS (THREDDS Data Server) also hosted at CEDA.  Both services have access control in place. 
     10 1. CEDA TDS 
     11 1. CEDA Token Service: issues OAuth request and access tokens for the WPS and TDS.  There is at least one Token Service per !OAuth realm.  IT could be implemented as a filter in front of both the WPS and TDS. 
     12 
     13=== Process === 
     14 1. The user signs in at the portal using OpenID (deliberately shown compressed into a single step for simplicity). 
     15 1. The user initiates a request which triggers the Portal to call the CEDA WPS to execute a job on its behalf. 
     16 1. The WPS returns an unauthorized response but indicating to the portal that it is !OAuth enabled. 
     17 1. The WPS request an !OAuth ''request'' token and 
     18 1. returns this to the Portal Trust Registry for approval. 
     19 1. The WPS is already in the list of trusted delegates for this user and so 
     20 1. the request is marked as approved. 
     21 1. The Portal can now send the !OAuth request token to the CEDA Token Service to request an !OAuth Access Token. 
     22 1. The Token Service checks the re 
    423[[Image(source:TI12-security/trunk/NDGSecurity/documentation/MashMyData/OAuthWorkflow.png)]]
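Review bot: the final added step of the Process list is cut off mid-sentence at "1. The Token Service checks the re", so the page never says what the Token Service verifies before issuing the access token; complete that step (for example, that it checks the request token was approved via the Trust Registry and is still valid) and add any remaining steps up to the WPS calling the TDS with the access token, since the Actors section says the WPS pulls data from the TDS but the sequence stops before that happens. The hand-off of the request token is also inconsistent: step 17-18 has the WPS obtain the request token and pass it "to the Portal Trust Registry for approval", while step 21 has "The Portal can now send the !OAuth request token to the CEDA Token Service", so state explicitly how the approved token reaches the Portal. Since the Actors section says trust settings "could be set with an expiry", steps 19-20 should say the Registry checks that the WPS entry has not expired rather than only that the WPS "is already in the list of trusted delegates". Minor: "likley" should be "likely", "IT could" should be "It could", and "The WPS request an" should be "The WPS requests an".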