pharriso at eso.org
Tue Aug 9 00:50:05 PDT 2005
Matthew Graham wrote:
> I would argue that this is an implementation issue: you have to make
> sure that VOStore can fulfil what it promises.
> The required functionality for authentication is just that the VOStore
> can recognise a valid message, e.g. the certificate used to sign the
> SOAP message has the NVO CA in its certificate chain.
This simple statement does hide some potentially complex implementation
- if the signing certificate is a user certificate, then is the VOStore
expected to have a user database to manage the authorization issues
(group access for instance)? I thought this was supposed to be delegated
to the VOSpace level.
- Often the caller of a VOStore will be another service, requesting
access on behalf of a user - so VOStore will be dealing with the GSI
certificate proxy system at the first level
More information about the vospace