[ogsa-hpcp-wg] [OGSA-BES-WG] Unresolved issues in BES from implementation experiences
csmith at platform.com
Mon Feb 25 09:06:22 CST 2008
On 23/2/08 15:28, "Steven Newhouse" <Steven.Newhouse at microsoft.com> wrote:
> * Handling Authorization for the BES Port types
> The BESManagement port type does not throw any (authorization) faults.
> Authentication and authorization is provided by the container. A deployment
> therefore specifies who has access to the operations within BESManagement and
> any client that enters the operation is already authorized to start/stop the
> container from accepting activities and no fault is needed.
I'm not sure that I agree with this approach. Depending on the back end that
you are dealing with, the evaluation of who is authorized might not happen
until the back end is contacted (i.e. after the operation invocation itself
has been authenticated and authorized). It would also be useful to be able
to indicate to the caller that the back end is not authorizing the access by
using a NotAuthorizedFault.
More information about the ogsa-hpcp-wg