Posted to dev@airavata.apache.org by Supun Nakandala <su...@gmail.com> on 2014/04/03 22:01:17 UTC

[GSOC] - Add Security Features for Airavata Thrift Services.

Hi All,

During the past few days I experimented with the feasibility of integrating
WSO2 Identity server with Airavata as a third party user store.

WSO2 Identity server supports OAuth out of the box. It does both token
issuing and token validation. Since the Airavata gateways are mainly web
based gateways, the most suitable OAuth flow will be the implicit flow.
Each thrift RPC will have to be changed to accommodate the new token
parameter. On the server side, for token validation we will have to
integrate a component as shown in the diagram[1]. Also WSO2 server supports
mutual authentication. Therefore the token validation between the Airavata
API and the WSO2 IS can be done securely.

Therefore we can easily integrate a WSO2 IS with Airavata for the users who
want user management functionality and at the same time achieve security
aspects in the Airavata API.

Secondly, for the users who do the user management by themselves we can
provide a separate Authentication API as shown in the diagram and establish
token based service level authorization for the Airavata API.

I have put the details about this proposed solution in the diagram[1]
itself.

Regards
Supun Nakandala

[1] - https://docs.google.com/file/d/0B0A4_fh8ecDdR0RQM2R3UGVrSkE/edit
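
An added illustration of the design proposed in the message above (not Airavata or WSO2 code, and not written by anyone in this thread): a server-side wrapper that takes the access token as the first argument of every RPC and validates it before dispatching to the handler. `StubValidator`, `TokenCheckingProxy`, `DemoHandler`, the per-method scope mapping and the token records are all hypothetical; the stub stands in for the remote validation call to the identity server.

```python
import time

class AuthError(Exception):
    """Raised when an RPC call carries a missing, unknown, expired or under-scoped token."""

class StubValidator:
    """Hypothetical stand-in for the remote token-validation call to the identity server."""
    def __init__(self, tokens):
        self.tokens = tokens   # constructed data: token -> {"user", "scopes", "expires_at"}
        self.calls = 0         # counts validation round trips so caching is observable
    def validate(self, token):
        self.calls += 1
        return self.tokens.get(token)

class TokenCheckingProxy:
    """Wraps an RPC handler so every exposed method takes the access token first."""
    def __init__(self, handler, validator, required_scope, cache_ttl=30.0, clock=time.time):
        self._handler, self._validator = handler, validator
        self._required_scope = required_scope   # assumption: method name -> scope it needs
        self._cache_ttl, self._clock = cache_ttl, clock
        self._cache = {}                        # token -> (info, cache entry deadline)

    def _token_info(self, token):
        now = self._clock()
        cached = self._cache.get(token)
        if cached and cached[1] > now:
            return cached[0]
        self._cache.pop(token, None)
        info = self._validator.validate(token) if token else None
        if info is None or info["expires_at"] <= now:
            raise AuthError("invalid or expired token")
        # Never keep a cache entry past the token's own expiry.
        self._cache[token] = (info, min(now + self._cache_ttl, info["expires_at"]))
        return info

    def __getattr__(self, name):
        scope = self._required_scope.get(name)
        if scope is None:                       # deny by default: unlisted methods are not exposed
            raise AttributeError(name)
        method = getattr(self._handler, name)
        def rpc(token, *args, **kwargs):
            info = self._token_info(token)
            if scope not in info["scopes"]:
                raise AuthError(f"token lacks scope {scope!r}")
            return method(*args, **kwargs)
        return rpc

class DemoHandler:
    """Constructed handler with two hypothetical RPCs."""
    def list_experiments(self):
        return ["exp-1", "exp-2"]
    def delete_experiment(self, exp_id):
        return f"deleted {exp_id}"
```

The short cache keeps the validation round trip off the hot path while bounding how long a revoked token stays usable on the API server.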

Re: [GSOC] - Add Security Features for Airavata Thrift Services.

Posted by Suresh Marru <sm...@apache.org>.
Hi Supun,

Thank you. Nice investigation and summary. I have not digested it in detail to critique it, but meanwhile, can you please also address the use case 2 discussed here [1]. You can look at it from a general sense of open id, or explore it specifically for use cases like the IU Gateway [2], [3] (or a more generalized version - CyberGateway[4]) integration with Airavata. 

Suresh

[1] - http://markmail.org/message/5r3iyvj6kfjnq6fq
[2] - https://github.com/SciGaP/IUGateway
[3] - https://cybergateway.uits.iu.edu/iugateway
[4] - https://github.com/SciGaP/CyberGateway
