Stephen M Pickles wrote:
Support for security in Taverna is, as Donal says, ongoing work.
However, at least one group is using Taverna to invoke secured services today. AstroGrid takes advantage of Taverna's plug-in technology to retrieve the necessary credentials to invoke a secured service from the "AstroGrid Runtime", a stateful service local to the user's desktop. This works fine for AstroGrid.
I've had a discussion with June Finch here about quite a lot more detail in relation to Taverna's security and I've got a couple of interesting points: 1) There's actually a lot of different security stuff going on around Taverna, but much of it is (helpfully) unpublished or specific to a particular project. (In some cases, username+password is what users are using, and we all know how *that* sucks...) 2) They lack use-cases (something I'm going to be able to help them with) and standards for how to handle security at a generic level. I suspect that they will benefit very strongly from the Express Authentication efforts, since it will cut through much of the thicket of confusion. Amazing how writing up things draws out comments from people. ;-) Donal.