Authorisation
Jens Jensen, Phil Kershaw (STFC) et al.
contrail is co-funded by the EC 7th Framework Programme under Grant Agreement nr. 257438.

Background
• Using OAuth2 to obtain delegated certificate
• Project internally uses RESTful web services
  • Except a few SOAPful instances
• Own implementation of OAuth2
  • Python
  • Collaboration with NDG (CEDA)
• Need to use and delegate X.509 certificates

Use Cases for Delegation
• User credential
  • To virtual machine = access data
• Host credential
  • No longer needed?
• Virtual networks – secured with certificates

Experiences
• Need to link access token with permissions
  • Authorisation server to resource server
• Projects have investigated magic access tokens
• Interoperation between Java and Python impl.
• Full OAuth – need socket open on client!!!
  • Unusable for real life scenarios
• Protocol features
  • Some essential things out of scope of protocol: authentication, discovery
  • Relies heavily on HTTP redirections
  • Not a standard yet
  • Simpler than OAuth – but getting complex??

contrail is co-funded by the EC 7th Framework Programme
http://contrail-project.eu
Funded under: FP7 (Seventh Framework Programme)
Area: Internet of Services, Software & virtualization (ICT-2009.1.2)
Project reference: 257438
Total cost: 11,29 million euro
EU contribution: 8,3 million euro
Execution: From 2010-10-01 until 2013-09-30
Duration: 36 months
Contract type: Collaborative project (generic)