Posted to dev@oodt.apache.org by B W <b....@gmail.com> on 2012/01/13 18:49:44 UTC

Re: Single Sign-on

How is Single Sign-on implemented for oodt?

BW

On Jan 12, 2012, at 8:53 PM, "Mattmann, Chris A (388J)"
<ch...@jpl.nasa.gov> wrote:

> Hi BW:
>
> In the current model, it's not done at all. The QueryServlet doesn't really exist
> since the advent of Web-Grid for the information integration components:
>
> http://oodt.apache.org/components/maven/grid/
>
> Check out the slides from Sean Kelly on that site, that describes web grid.
> Basically instead of the query server/servlet, we opted for a more REST
> service oriented style where users consume profile and product server
> end points via the Web Grid substrate.
>
> Does that help?
>
> Cheers,
> Chris
>
> On Jan 12, 2012, at 8:50 PM, B W wrote:
>
>> Correct me if I'm wrong, an initial query is posted via a user agent
>> browser to a servlet for the Query Service then:
>> The messaging layer broadcasts the query to registered Profile Services
>> that are running?
>> Is this done via XML-RPC or posting to the servlets on the Profile Servers?
>>
>>
>> I'm trying to figure out the whole thread.
>>
>> Thx.
>>
>> On Thu, Jan 12, 2012 at 8:22 PM, Mattmann, Chris A (388J) <
>> chris.a.mattmann@jpl.nasa.gov> wrote:
>>
>>> Hey Sean,
>>>
>>>>
>>>> The ebXML model is one of the least egregious for a registry that I've
>>> seen, and believe me, I've seen some nasty ones. But what makes JPL's
>>> implementation so compelling is its JSON-esque and ReST-ful based API,
>>> which, as far as I can tell, is totally original within the ebXML & OASIS
>>> worlds.
>>>>
>>>> Normally I turn my nose up to heavy-handed models with entrenched APIs,
>>> but the singular achievement of JPL is to make the ebXML model, which
>>> conceptually isn't byzantine, actually usable, approachable, and extendable.
>>>
>>> Super +1.
>>>
>>>>
>>>> Is there any hope we can get JPL, Caltech, and NASA to give it up to
>>> become part of OODT? Or its own Incubator project?
>>>
>>> I think Hardman is working on it, he can feel free to comment (or not)
>>> here ^_^
>>>
>>> Cheers,
>>> Chris
>>>
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>> Chris Mattmann, Ph.D.
>>> Senior Computer Scientist
>>> NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
>>> Office: 171-266B, Mailstop: 171-246
>>> Email: chris.a.mattmann@nasa.gov
>>> WWW:   http://sunset.usc.edu/~mattmann/
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>> Adjunct Assistant Professor, Computer Science Department
>>> University of Southern California, Los Angeles, CA 90089 USA
>>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>
>>>

Re: Single Sign-on

Posted by "Mattmann, Chris A (388J)" <ch...@jpl.nasa.gov>.
Hi BW,

It's currently implemented in multiple fashions and I think it's
best to talk specifics in order to properly respond. I'll stick to the
delineation of components between the data processing/computational
components, versus the information integration ones.

Data Processing:

File Manager - SSO is implemented by extending the XML-RPC with 
a secure handler. Sean Kelly implemented such a handler [1] using
Jython/Java that you can check out as an example. That's an example
of locking down the actual XML-RPC service with an SSO-type capability.
A similar approach could be taken (but hasn't yet) for the actual Workflow
Manager and Resource Manager services. Instead, we typically just front
these services with an app server like Tomcat, and let Tomcat plug in to LDAP
for SSO.

In our web applications that sit on top of Data Processing (or "PCS") services,
we use this framework [2], called CAS-SSO. It's currently integrated into CAS-curator,
and into our OODT Balance web applications framework.

Information Integration:

Since Web Grid runs in a Java server environment like Tomcat, we simply rely
on integration with LDAP, here, or by extending the Web Grid container in 
a similar fashion as to how Sean Kelly implemented for XML-RPC in [1].

OK hope that helps!

Cheers,
Chris

[1] http://svn.apache.org/repos/asf/oodt/trunk/filemgr/src/main/python
[2] http://svn.apache.org/repos/asf/oodt/trunk/sso



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Chris Mattmann, Ph.D.
Senior Computer Scientist
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 171-266B, Mailstop: 171-246
Email: chris.a.mattmann@nasa.gov
WWW:   http://sunset.usc.edu/~mattmann/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adjunct Assistant Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
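
The "secure handler" approach described in the reply above, sketched as an added example: it is not OODT code and does not reproduce Sean Kelly's handler at [1]. It uses Python's standard xmlrpc modules; the credential store, the realm and the `isAlive` method name are assumptions made for illustration, and the PBKDF2 check stands in for a bind against LDAP.

```python
import base64
import hashlib
import hmac
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCRequestHandler, SimpleXMLRPCServer

# Constructed credential store standing in for the LDAP/SSO back end.
_SALT = b"constructed-salt"
_USERS = {"curator": hashlib.pbkdf2_hmac("sha256", b"s3cret-example", _SALT, 100_000)}

def verify(user, password):
    """Stand-in for an LDAP bind; compares password hashes in constant time."""
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(_USERS.get(user, b"\0" * 32), got)

class SecureHandler(SimpleXMLRPCRequestHandler):
    """Refuses to dispatch any XML-RPC call without valid HTTP Basic credentials."""
    def do_POST(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        try:
            creds = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            creds = ""
        user, _, password = creds.partition(":")
        if scheme.lower() == "basic" and verify(user, password):
            return super().do_POST()  # authenticated: dispatch the RPC as usual
        # Drain a bounded part of the unread body so the 401 reaches the client.
        length = self.headers.get("Content-Length", "0")
        self.rfile.read(min(int(length), 65536) if length.isdigit() else 0)
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="filemgr-example"')
        self.send_header("Content-Length", "0")
        self.end_headers()

def start_server():
    """Serve one method on a loopback ephemeral port in a background thread."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), requestHandler=SecureHandler, logRequests=False)
    server.register_function(lambda: True, "isAlive")  # hypothetical method name
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def call_is_alive(server, userinfo=""):
    """Return the RPC result, or the HTTP status code if the call was refused."""
    host, port = server.server_address
    url = f"http://{userinfo + '@' if userinfo else ''}{host}:{port}/RPC2"
    try:
        return xmlrpc.client.ServerProxy(url).isAlive()
    except xmlrpc.client.ProtocolError as err:
        return err.errcode
```

Basic credentials are only base64-encoded on the wire, so a handler like this needs TLS in front of it.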