-
Type:
Defect
-
Resolution: Done
-
Priority:
Blocker
-
Affects Version/s: None
-
Component/s: None
-
None
Scenario:
Gateway Ga has registered user Ua
Gateway Gb has associated datanode DNb with dataset DSb
Ua has never logged into Gb.
If a Ua makes a wget request for DSb, DNb will call the authorization service on Gb. If Ua has never logged into Gb authorization is refused.
There should be no need for Ua to have logged into Gb, the client certificate is proof of identity. DNb just has to query an AttributeService to discover Ua's roles. In the case of CMIP5 this is the PCMDI AttributeService.
Gateway Ga has registered user Ua
Gateway Gb has associated datanode DNb with dataset DSb
Ua has never logged into Gb.
If a Ua makes a wget request for DSb, DNb will call the authorization service on Gb. If Ua has never logged into Gb authorization is refused.
There should be no need for Ua to have logged into Gb, the client certificate is proof of identity. DNb just has to query an AttributeService to discover Ua's roles. In the case of CMIP5 this is the PCMDI AttributeService.