[Go-essp-tech] getting started document
philip.kershaw at stfc.ac.uk
philip.kershaw at stfc.ac.uk
Tue Feb 15 08:19:38 MST 2011
Hi Martin,
A question to Phil and perhaps Stephen: if a user has logged in to a gateway to get a wget script, is there any reason the gateway can’t give him a certificate as well? Probably not the best time to bring this up, but I don’t see why users who have just logged on need to do so again through a java application which has issues with some browsers.
The dry technical answer is that the MyProxy logon step is not just getting a certificate, it is generating a public/private key pair. The private key should never leave your desktop machine, the public key is sent to the MyProxy server in the logon call so that it can incorporate it in a certificate and return it to you. To do this all from the Gateway, the key pair would need to be generated on the Gateway side. This breaks the principles of Public key cryptography: the private key should be generated by the actor that's going to use it – in this case the user and not the Gateway.
Stepping back from this there are a whole range of issues you could discuss! Depending on the agenda for the call later we could talk about some of these.
Cheers,
Phil
From: go-essp-tech-bounces at ucar.edu<mailto:go-essp-tech-bounces at ucar.edu> [mailto:go-essp-tech-bounces at ucar.edu] On Behalf Of Karl Taylor
Sent: 15 February 2011 08:07
To: Pascoe, Stephen (STFC,RAL,SSTD)
Cc: go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>
Subject: Re: [Go-essp-tech] getting started document
Hi Stephen,
Thanks to you and Phil for improving the getting started document. I've accepted all your changes and then made additional revisions, which I hope continue to improve it. Now its your turn again. Of course, it would be great if others might also take a look and comment.
IMPORTANT: could someone remind me of the phone number and password for the Tuesday telecon?
thanks,
Karl
On 2/14/11 6:33 AM, stephen.pascoe at stfc.ac.uk<mailto:stephen.pascoe at stfc.ac.uk> wrote:
Hi Karl,
I've substantially edited the first few sections of the getting started document and incorporated some earlier edits from Phil. I don't think we are there yet but I hope I've improved how we explain Gateways and OpenID in steps 1-3. I will review the download part as soon as I can as: I want to minimise the complexity of explaining the MyProxy service but this will depend on how automatic we can make the wget script.
Thanks,
Stephen.
---
Stephen Pascoe +44 (0)1235 445980
Centre of Environmental Data Archival
STFC Rutherford Appleton Laboratory, Harwell Oxford, Didcot OX11 0QX, UK
From:go-essp-tech-bounces at ucar.edu<mailto:go-essp-tech-bounces at ucar.edu> [mailto:go-essp-tech-bounces at ucar.edu] On Behalf Of Karl Taylor
Sent: 01 February 2011 16:50
To: go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>
Subject: [Go-essp-tech] getting started document
Dear all,
I've attached a (rather long) "getting started" document to help new users obtain CMIP5 model output. The procedure works at least for the old token system. Could someone read over it and edit it where needed so that it is correct for the new non-token system? Any suggestions on simplifying it would also be helpful.
thanks,
Karl
On 1/31/11 5:45 AM, Williams, Dean N. wrote:
Dear Colleagues,
We are scheduled to have our regularly scheduled GO-ESSP meeting to discuss the release of our ESG Federated system, which should go live this week (tomorrow)... Please plan on attending the meeting.... :-)
(925) 424-8105 access code 305757#
Thanks and best regards,
Dean
--
Scanned by iCritical.
--
Scanned by iCritical.
More information about the GO-ESSP-TECH
mailing list