On Tuesday 30 September 2008 18:42, Donal K. Fellows wrote:
Christopher Smith wrote:
Could you not employ X.509 client/server authentication at the TLS layer? I believe you can access the certificate information when processing the HTTP operations.
Just wondering....
That sounds like an entirely practical way of doing it to me, especially as there is rather a lot of in-service experience out there with handling authentication and authorization for access to HTTP operations. There might be a few tricky bits of course (notably how to handle telling the client how to authenticate to the server, though in the fallback case of username/password all that stuff exists already) but it still seems quite possible.
How about delegation? Will it require additional mapping? Or should it be handled in a separate layer? A.K.
I like the idea that the interfaces we define are fundamentally independent of how they are interacted with. That has the architectural equivalent of Good Code Smell. :-)
Donal. -- ogsa-bes-wg mailing list ogsa-bes-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-bes-wg