From mjg at cacr.caltech.edu Mon Aug 8 10:08:52 2011 From: mjg at cacr.caltech.edu (Matthew Graham) Date: Mon, 8 Aug 2011 10:08:52 -0700 Subject: TAP/UWS authentication - short survey In-Reply-To: <4E40123E.9030602@mpa-garching.mpg.de> References: <4E40123E.9030602@mpa-garching.mpg.de> Message-ID: <167D2203-4BE8-4695-ABAA-5EA56EA47C07@cacr.caltech.edu> Hi Matthias, You should certainly have a look at the IVOA Recommendation for SSO (http://www.ivoa.net/Documents/latest/SSOAuthMech.html) in case you have not already done so. This recommends X.509 certificates also says that "HTTP basic authentication shall not be used". The VAO is working on an OpenID system tied to our existing X.509 service. Cheers, Matthew On Aug 8, 2011, at 9:43 AM, matthias egger wrote: > > Hi DAL/Grid List Members, > > in the course of (beta-) testing our TAP service with TOPCAT we again > came across the topic of authentication and SSO. > > we need to protect our web services with a user-login, while TOPCAT's > TAP interface currently does not support this. > > we wonder know, what is the best practice there in the context of ivoa, > tap/uws? > > > so i'd like to start a short discussion/survey about whether some of you > have similar requirements and esp. which - if any - authentication > system you are currently using, and possibly whether you also use > distributed (web-) SSO protocols like SAML2 or openID. > > in short: > > * do you run a TAP service which requires authentication > > * if yes: which authentication method/system do you use: > > * (HTTP) BASIC > > * FORM-Based > > * X.509 Certificates > > * SAML2 > > * OpenID > > * other: ? > > > background is that we need to put security on top of our > web-applications (also considering frameworks like openID and > SAML2/Shibboleth) and would like to hear what is most common and > recommend in ivoa, > also whether it is worth implementing (most common web-) authentication > support in client tools e.g. TOPCAT. > > > any feedback is every welcome. > > thanks and regards! matthias > > > > -- > -------------------------------------------------- > Matthias Egger > Max Planck Institute for Astrophysics > web: www.mpa-garching.mpg.de > email: megger at mpa-garching.mpg.de > fon: +49-89-30000-2040 > fax: +49-89-30000-2235 > -------------------------------------------------- > From patrick.dowler at nrc-cnrc.gc.ca Wed Aug 10 09:22:06 2011 From: patrick.dowler at nrc-cnrc.gc.ca (Patrick Dowler) Date: Wed, 10 Aug 2011 09:22:06 -0700 Subject: WD-TAPRegExt-20110727 Message-ID: <201108100922.06371.patrick.dowler@nrc-cnrc.gc.ca> The latest draft of TAPRegExt has been uploaded to the document repository: http://www.ivoa.net/Documents/TAPRegExt/index.html Please comment by responding to this message on the list. -- Patrick Dowler Tel/T?l: (250) 363-0044 Canadian Astronomy Data Centre National Research Council Canada 5071 West Saanich Road Victoria, BC V9E 2M7 Centre canadien de donnees astronomiques Conseil national de recherches Canada 5071, chemin West Saanich Victoria (C.-B.) V9E 2M7 From thomas.boch at astro.unistra.fr Mon Aug 29 03:02:36 2011 From: thomas.boch at astro.unistra.fr (Thomas Boch) Date: Mon, 29 Aug 2011 12:02:36 +0200 Subject: utype for STC region in SIAP query response Message-ID: <4E5B63BC.6030009@astro.unistra.fr> Hi, Embedding a STC region in the SIAP query response is becoming more and more widespread, and we would like to support this feature in Aladin. I would like to know if there is a standard (or de facto standard) utype to characterize the FIELD holding the STC region description. Cheers, Thomas -- Thomas Boch Ing?nieur de Recherche CDS/Observatoire Astronomique Phone : 33 (0)3 68 85 24 42 11, rue de l'Universite Fax : 33 (0)3 68 85 24 17 F-67000 Strasbourg Email : thomas.boch at astro.unistra.fr France http://cdsweb.u-strasbg.fr/~boch From francois.bonnarel at astro.unistra.fr Mon Aug 29 05:30:15 2011 From: francois.bonnarel at astro.unistra.fr (=?ISO-8859-1?Q?Fran=E7ois_Bonnarel?=) Date: Mon, 29 Aug 2011 14:30:15 +0200 Subject: utype for STC region in SIAP query response In-Reply-To: <4E5B63BC.6030009@astro.unistra.fr> References: <4E5B63BC.6030009@astro.unistra.fr> Message-ID: <4E5B8657.7010607@astro.unistra.fr> Hi Thomas, Obstap has obs:Char.SpatialAxis.Coverage.Support.Area for this . We have something similar in the SIA2 prototypes I guess eventually for sia we will have something like sia:Char.SpatialAxis.Coverage.Support.Area although the problem of the name space is still to be discussed... By the way you can write this field as an STC-S feature ... Cheers Fran?ois Le 29/08/2011 12:02, Thomas Boch a ?crit : > Hi, > > Embedding a STC region in the SIAP query response is becoming more and > more widespread, and we would like to support this feature in Aladin. > I would like to know if there is a standard (or de facto standard) > utype to characterize the FIELD holding the STC region description. > Cheers, > > Thomas > From thomas.boch at astro.unistra.fr Mon Aug 29 05:44:06 2011 From: thomas.boch at astro.unistra.fr (Thomas Boch) Date: Mon, 29 Aug 2011 14:44:06 +0200 Subject: utype for STC region in SIAP query response In-Reply-To: <4E5B8657.7010607@astro.unistra.fr> References: <4E5B63BC.6030009@astro.unistra.fr> <4E5B8657.7010607@astro.unistra.fr> Message-ID: <4E5B8996.2070709@astro.unistra.fr> Fran?ois, I wish this is something that could be standardized in a forecoming revision of the SIAP document, so that clients can easily find out which FIELD support the STC-S description. Thomas Fran?ois Bonnarel wrote: > Hi Thomas, > Obstap has obs:Char.SpatialAxis.Coverage.Support.Area > for this . We have something similar in the SIA2 prototypes > I guess eventually for sia we will have something like > sia:Char.SpatialAxis.Coverage.Support.Area > although the problem of the name space is still to be discussed... > By the way you can write this field as an STC-S feature ... > Cheers > Fran?ois > Le 29/08/2011 12:02, Thomas Boch a ?crit : >> Hi, >> >> Embedding a STC region in the SIAP query response is becoming more >> and more widespread, and we would like to support this feature in >> Aladin. >> I would like to know if there is a standard (or de facto standard) >> utype to characterize the FIELD holding the STC region description. >> Cheers, >> >> Thomas >> > -- Thomas Boch Ing?nieur de Recherche CDS/Observatoire Astronomique Phone : 33 (0)3 68 85 24 42 11, rue de l'Universite Fax : 33 (0)3 68 85 24 17 F-67000 Strasbourg Email : thomas.boch at astro.unistra.fr France http://cdsweb.u-strasbg.fr/~boch From msdemlei at ari.uni-heidelberg.de Mon Aug 29 11:42:03 2011 From: msdemlei at ari.uni-heidelberg.de (Markus Demleitner) Date: Mon, 29 Aug 2011 20:42:03 +0200 Subject: utype for STC region in SIAP query response In-Reply-To: <4E5B8996.2070709@astro.unistra.fr> References: <4E5B63BC.6030009@astro.unistra.fr> <4E5B8657.7010607@astro.unistra.fr> <4E5B8996.2070709@astro.unistra.fr> Message-ID: <20110829184203.GA4578@ari.uni-heidelberg.de> Hi Thomas, hi List, [utype for region withing SIAP] On Mon, Aug 29, 2011 at 02:44:06PM +0200, Thomas Boch wrote: > I wish this is something that could be standardized in a forecoming > revision of the SIAP document, so that clients can easily find out > which FIELD support the STC-S description. Well, I'd say: the utype should reflect whatever place the region has within the the "Simple Image" data model. Since there's no such thing as far as I know, there should be no utype at all (though a UCD might come in handy).. However, we do have an STC data model, and there's a Note [1] on how to embed the mapping of data in VOTables to it [disclaimer: mainly written by yours truly]. So, what I'd suggest is to just use that. If I may say so, it's much easier in implementation than one might think, and it'll remain the way it is even if we decide to define a Simple Image data model. In the note, there's already an example for embedding a region. I think a future SIAP spec would profit from recommending a full STC record, and I'll be happy to figure one out -- just not right now since I'm on vacation. Cheers, Markus [1] http://www.ivoa.net/Documents/Notes/VOTableSTC/ From thomas.boch at astro.unistra.fr Tue Aug 30 02:51:14 2011 From: thomas.boch at astro.unistra.fr (Thomas Boch) Date: Tue, 30 Aug 2011 11:51:14 +0200 Subject: utype for STC region in SIAP query response In-Reply-To: <4E5B8996.2070709@astro.unistra.fr> References: <4E5B63BC.6030009@astro.unistra.fr> <4E5B8657.7010607@astro.unistra.fr> <4E5B8996.2070709@astro.unistra.fr> Message-ID: <4E5CB292.1090307@astro.unistra.fr> To illustrate my request, here is is how the STC-S FIELD is described in the query response of three different SIAP services : Service 1 : Service 2 : Service 3 : 3 different services, 3 different ways to express the same thing. Having a unique unambiguous way to detect the STC-S field would be very helpful for client consuming these services. Cheers, Thomas Thomas Boch wrote: > Fran?ois, > > I wish this is something that could be standardized in a forecoming > revision of the SIAP document, so that clients can easily find out > which FIELD support the STC-S description. > > Thomas > > Fran?ois Bonnarel wrote: >> Hi Thomas, >> Obstap has obs:Char.SpatialAxis.Coverage.Support.Area >> for this . We have something similar in the SIA2 prototypes >> I guess eventually for sia we will have something like >> sia:Char.SpatialAxis.Coverage.Support.Area >> although the problem of the name space is still to be discussed... >> By the way you can write this field as an STC-S feature ... >> Cheers >> Fran?ois >> Le 29/08/2011 12:02, Thomas Boch a ?crit : >>> Hi, >>> >>> Embedding a STC region in the SIAP query response is becoming more >>> and more widespread, and we would like to support this feature in >>> Aladin. >>> I would like to know if there is a standard (or de facto standard) >>> utype to characterize the FIELD holding the STC region description. >>> Cheers, >>> >>> Thomas >>> >> > > -- Thomas Boch Ing?nieur de Recherche CDS/Observatoire Astronomique Phone : 33 (0)3 68 85 24 42 11, rue de l'Universite Fax : 33 (0)3 68 85 24 17 F-67000 Strasbourg Email : thomas.boch at astro.unistra.fr France http://cdsweb.u-strasbg.fr/~boch