wiki:DXAndSecurity

Version 2 (modified by astephen, 13 years ago)


NDG-Securing the Data Extractor

Here are some notes on how/why both the DX client and server must be NDG-security enabled:

  1. Client and server both need to know about security because:
    • The server might be called directly, so it must be secure.
    • The client needs to do web-based (cookie) authentication and provide login and forwarding to NDG hosts, so it needs to know about security too.
  2. Client can follow the MOLES Browse model of:
    • If not logged in: get the list of trusted hosts.
    • User selects one and logs in at that trusted host.
    • Trusted host forwards back to DX with cookies set or encrypted cookies on the URL.
    • DX can then use NDG security code to get the list of roles and the username.
  3. Client and server exchange a secure token and session ID:
    • The session ID is a non-secure object that just binds to your saved session.
    • In order to access the session ID you should also provide the secure token.
    • The secure token needs to be an object that the server can use with NDG Security. Hence it could be a Proxy Certificate…
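
One way the server could enforce the session ID / secure token binding described in the last item, as an added example that is not part of the original notes or of the NDG code. It assumes a random opaque token standing in for the NDG credential (the notes suggest a Proxy Certificate); `SessionStore` and its methods are hypothetical names.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Server-side store (hypothetical): the session ID only locates a
    saved session; the secure token is what authorises access to it."""

    def __init__(self):
        self._sessions = {}  # session_id -> (token_digest, session_data)

    def create(self, username, roles):
        session_id = secrets.token_hex(8)   # lookup handle, not a secret
        token = secrets.token_urlsafe(32)   # assumption: stand-in for the NDG credential
        digest = hashlib.sha256(token.encode()).digest()
        data = {"username": username, "roles": list(roles)}
        self._sessions[session_id] = (digest, data)  # only the digest is kept
        return session_id, token

    def load(self, session_id, token):
        """Return the saved session only if the token is the one bound to it."""
        entry = self._sessions.get(session_id)
        # Unknown IDs are compared against a dummy digest so that both
        # failure paths do the same work and give the same answer.
        expected = entry[0] if entry else bytes(32)
        presented = hashlib.sha256((token or "").encode()).digest()
        if not hmac.compare_digest(expected, presented) or entry is None:
            return None
        return entry[1]


if __name__ == "__main__":
    store = SessionStore()
    # Constructed sample values, not real NDG usernames or roles.
    sid, tok = store.create("constructed_user", ["constructed_role"])
    print(store.load(sid, tok))      # the saved session
    print(store.load(sid, "wrong"))  # None: the session ID alone is not enough
    print(store.load(sid, None))     # None: no token presented
```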