Version 2 (modified by astephen, 15 years ago)
NDG-Securing the Data Extractor
Here are some notes on how/why both the DX client and server must be NDG-security enabled:
- Client and server both need to know about security because:
  - The server might be called directly, so it must be secure.
  - The client needs to do web-based (cookie) authentication and provide login and forwarding to NDG hosts, so it needs to know about security too.
- The client can follow the MOLES Browse model:
  - If the user is not logged in, get the list of trusted hosts.
  - The user selects one and logs in at that trusted host.
  - The trusted host forwards back to the DX with cookies set, or with encrypted cookies on the URL.
  - The DX can then use the NDG security code to get the list of roles and the username.
- Client and server exchange a secure token and a session ID:
  - The session ID is a non-secure object that just binds to your saved session.
  - In order to access the session ID you should also provide the secure token.
  - The secure token needs to be an object that the server can use with NDG Security. Hence it could be a Proxy Certificate…
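
The session ID / secure token split described above, as an added Python sketch (not NDG or DX code): the session ID is only a lookup key, and a saved session is released only when the matching token is presented. The `SessionStore` class, its method names, the random token standing in for the NDG secure token, and the expiry time are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Hypothetical server-side store: the ID finds the session, the token unlocks it."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._sessions = {}
        self._ttl = ttl_seconds      # expiry is an assumption, not stated in the notes
        self._clock = clock

    def create(self, username, roles):
        session_id = secrets.token_hex(8)    # non-secure handle, safe to expose
        token = secrets.token_urlsafe(32)    # stand-in for the NDG secure token
        self._sessions[session_id] = {
            # Store only a hash so a leaked session table does not leak tokens.
            "token_hash": hashlib.sha256(token.encode()).digest(),
            "username": username,
            "roles": tuple(roles),
            "expires": self._clock() + self._ttl,
        }
        return session_id, token

    def load(self, session_id, token):
        """Return (username, roles) only if the token matches this session ID."""
        entry = self._sessions.get(session_id)
        presented = hashlib.sha256((token or "").encode()).digest()
        # Compare against a dummy value for unknown IDs so both paths do the same work.
        expected = entry["token_hash"] if entry else bytes(32)
        matches = hmac.compare_digest(presented, expected)
        if entry is None or not matches:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[session_id]
            return None
        return entry["username"], entry["roles"]
```

A session ID presented without its token, or with another session's token, gets `None`, so exposing the ID in a URL or log does not expose the saved session.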