Ticket #97 (closed issue: fixed)

Opened 14 years ago

Last modified 14 years ago

[DS] [S] [M] Gatekeeper functionality

Reported by: lawrence Owned by: pjkersha
Priority: critical Milestone: ALPHA
Component: MOLES Version:
Keywords: Cc: ko23, a.woolf@…,astephen,spascoe,domlowe


Given an NDG resource, known only by a URI, and given an attribute certificate, can a user access the resource or not?

WIthin MOLES the situation is relatively simple, we have only one moles service in contemplation at the moment (return a stub-b document given a URI), and it is relatively easy for the backend to obtain the document, check the attribute certificate, and choose to give the document or not ...

However, currently CSML documents do not include the security information, and so we have to be a bit cleverer. To do this, we could

  1. create a new moles service, that given the URI of a CSML document, finds the parent B document, obtains the security info, and makes the decision, or
  2. ensure that the summary (overlap between A and B) includes the security information (and use the same methodology as used for B), or
  3. hold the metadata to do this in a third location, and provide a service to do the lookup.

BNL thinks the third option is very poor as it introduces a possibility of mismatch between moles and what's on the ground. The metadata should control everything. Also the first option is likely to perform too poorly in real applications, which leads to the second option being preferable, even if Andrew doesn't like CSML documents including stuff from other namespaces (in this case moles).

We need a decision on this asap.

Change History

comment:1 Changed 14 years ago by spascoe

This has connections to #106 for how the DeliveryService does authentication/authorisation. In particular see the Issues section on that ticket to see my concerns about CSML level vs. file level authorisation.

comment:2 Changed 14 years ago by lawrence

  • Summary changed from Gatekeeper functionality to [DS] [S] [M] Gatekeeper functionality

I think we've just made a resolution that the csml document should include the role and responsible attribute authority, so that means we should be able to use the same mechanism being used in the browse code (which will be fleshed out at secure.py

comment:3 Changed 14 years ago by selatham

Has this been decided then?

comment:4 Changed 14 years ago by pjkersha

  • Status changed from new to assigned

Implement Gatekeeper with WS generic interface:

boolean = AccessAllowed?(attCert, URI)

How the role controlling a resource is derived from URI will vary according to resource type and resource provider. Hence, provide an API to allow a specific plugin to be incorporated by the provider which serves the role for the given URI:

role = roleFromURI(URI)

comment:5 Changed 14 years ago by pjkersha

  • Status changed from assigned to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.