VOStore interface

[Paul Harrison]

Matthew Graham wrote:
> Hi,
> 
> I would argue that this is an implementation issue: you have to make 
> sure that VOStore can fulfil what it promises.
> 
> The required functionality for authentication is just that the VOStore 
> can recognise a valid message, e.g. the certificate used to sign the 
> SOAP message has the NVO CA in its certificate chain.
> 

This simple statement does hide some potentially complex implementation 
issues though...

- if the signing certificate is a user certificate, then is the VOStore 
expected to have a user database to manage the authorization issues 
(group access for instance)? I thought this was supposed to be delegated 
to the VOSpace level.

- Often the caller of a VOStore will be another service, requesting 
access on behalf of a user - so VOStore will be dealing with the GSI 
certificate proxy system at the first level


Paul Harrison