Hi all,
We are currently developing a visualisation mash-up that allows the user to choose from a number of graphs, then loads the data for the selected data (using MashupPlatform.http.makeRequest) and feeds the loaded data to a flotr2 graph. In our current implementation, both the list of available graphs and the data for each graph are stored on an open web server without any authentication, so anyone who knows the URI can see the data. Currently this is OK, but we'd like to use the same set-up also for showing confidential information. For that, we need to implement some kind of access control so that the data is only available through the Wirecloud mash-up. Some possibilities that come to mind:
1) Some kind of secret token that is sent alongside the request. This would probably require special web server support.
You can use the OAuth2 token provided by the IdM, if you are using it. This doesn't require any special web server support.
2) HTTP authentication on the web server. User would somehow authenticate on the server in order to gain access to the files. Two problems here:
i) Requires explicit logon to the data http server
ii) Logon info (cookie?) needs to be handed over to Wirecloud and passed over on subsequent MashupPlatform http requests. We don't know if this is even possible.
You can use session cookies when making requests from WireCloud (by using the withCredentials option) if your service supports CORS, but I don't recommend this architecture.
3) OAuth. Our Wirecloud installation would use the web server for access control so that the user would automatically get an OAuth token when he logs on Wirecloud. This probably requires some extra support from Wirecloud.
As I mentioned before, this can already be achieved when using the IdM. You will have to create code if you are using another identity framework, but probably you can use the existing IdM integration code as a base. I know that FISPACE has done this for integrating KeyCloak with WireCloud.
Is any of these options doable? If not, maybe some other?
The integration using an OAuth2 token sounds promising, so I think it is better to explore this option before searching for another alternative.
Best regards,
Álvaro Arranz (WireCloud's lead developer)
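Added example (not part of the original messages and not WireCloud or IdM code): a sketch of the check the data server could run on each request if the OAuth2 token option discussed above is used, so that knowing the URI or holding a session cookie is no longer enough. The names makeTokenGate, validateToken and expectedApp, and the app_id field, are assumptions; validateToken stands in for whatever call the identity provider offers to look up a token.

```javascript
// Added example. validateToken(token) is a hypothetical async lookup against the
// identity provider: it resolves to { user, app_id } for a live token and to null
// for an unknown or expired one. expectedApp and app_id are assumed names.

// Extract the token from an "Authorization: Bearer <token>" header, or null.
function parseBearer(headers) {
  const value = String(headers["authorization"] || "").trim();
  const m = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(value);
  return m ? m[1] : null;
}

function makeTokenGate(validateToken, expectedApp, { ttlMs = 60000, now = Date.now } = {}) {
  // token -> { user, expires }. A short TTL bounds how long a revoked token
  // keeps working without asking the identity provider on every request.
  const cache = new Map();

  return async function authorize(headers) {
    const token = parseBearer(headers);
    // No bearer token: the URI alone (or a cookie) must not open the data.
    if (!token) return { status: 401, user: null };

    const hit = cache.get(token);
    if (hit && hit.expires > now()) return { status: 200, user: hit.user };
    cache.delete(token);

    let info;
    try {
      info = await validateToken(token);
    } catch (err) {
      // Fail closed when the identity provider cannot be reached.
      return { status: 503, user: null };
    }
    if (!info) return { status: 401, user: null };
    // A valid token issued to a different application must not open the data.
    if (info.app_id !== expectedApp) return { status: 403, user: null };

    cache.set(token, { user: info.user, expires: now() + ttlMs });
    return { status: 200, user: info.user };
  };
}
```

The server would call authorize(request.headers) before serving the graph list or any graph data and answer with the returned status when it is not 200.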
Hi Alvaro, could you help this INCENSe SME by answering 3)?
Regards,
P.