Milestones

  • As discussed, groups can play a very useful role in granting access. On the resource side (Research Drive, see milestone 2.1), an SRAM group is given access to a given folder or share; this was already introduced in the RD-SRAM project. On the relying party side (Research Cloud, see milestone 2.2), access can simply be requested to "whatever resources have been tied to this group elsewhere", in a nicely decoupled way. Therefore:
      ● We will show how an authorization server can allow an authenticated user to give out an access token to a service, delineating the scope of access by choosing a specific SRAM group from a list.
      ● We will probably use an off-the-shelf open source OAuth server, and have it take its scopes configuration and user administration from the SRAM groups list and users list, respectively.
      ● Deliverable: the full Proof-of-Concept in a reproducible test network (using Docker-Compose or similar), demonstrating the integration between resource server (Research Drive), authorization server (configured from SRAM), and relying party (Research Cloud).

    No due date
  • It is already possible to mount a WebDAV folder into a Research Cloud Workspace (VM). But now:
      ● We will show how to combine such a mount with a process that refreshes the short-lived tokens, using a refresh token.
      ● This will probably require some kind of scheduled task that refreshes the token in time before it expires.
      ● If the access was revoked since the last refresh, the mounted folder will be removed from the VM.
      ● Deliverable: a command-line tool on the VM that triggers a web view in the user's browser, or vice versa, plus the refresh task to be scheduled.

    No due date
  • It is already possible to access the WebDAV interface of ResearchDrive using a token, but these tokens give root access to all documents on a user's account, and don't expire. In this milestone:
      ● We will show how short-lived tokens can be used instead.
      ● We will show how access can be restricted to only a certain folder or share.
      ● For selecting which resources (folders) to share with which SRAM group, this will build on the Federated Group work from the RD-SRAM project.
      ● We don't expect this to require any changes to the core server code of OC-10.
      ● Deliverable: an open source OC-10 app that can be installed on a ResearchDrive server.

    No due date