[Go-essp-tech] resolution on securing opendap aggregations via ESGF
Cinquini, Luca (3880)
Luca.Cinquini at jpl.nasa.gov
Fri May 20 11:17:07 MDT 2011
Hi,
a few points again on the issue of securing opendap aggregations served by the TDS with ESGF filters:
o There's a new release of the ESGF security filters (esg-orp 1.1.2) that maps the TDS request URI to the dataset ID, and should solve this problem. You can experiment with the JPL test TDS server:
http://test-datanode.jpl.nasa.gov/thredds/catalog.html
where the AIRS dataset (and aggregations) is secured, the MLS is not.
o Now the data node authorization filter will correctly identify the aggregation as secured, and call the configured authorization service. Currently, the p2p Node authorization service can be configured to allow authorization based on URL matching, so it will work. The gateway authorization service will have to implement its own logic to establish authorization.
o Finally, I am wondering if we shouldn't change the way we encode authorization in thredds catalogs. Right now, we use restrictAccess="esg-user" for ALL collections, but should we consider about encoding the proper required access control attribute instead, for example restrictAccess="CMIP5 Research" ? Something to think about - there are prons and cons about this - it's all a question on wether the access control belongs in the catalog (and can be harvested for searching...) or not.
thanks, Luca
More information about the GO-ESSP-TECH
mailing list