(note: this page is being rewritten - it is not fully up to date) == Workspaces: concept == Basically it is a private/group-shared cloud storage for researchers. Requirements: * easy to use, should ideally integrate closely with the operating system * CLARIN server-side applications should be able to access it (for reading and writing, if the owner allows) * if/when offered as a production service: * should come with a clear statement about availability * should come with clear legal terms of reference (to prevent abuse/illegal actions/liability for the hoster) == !OwnCloud == [http://owncloud.org OwnCloud] is the obvious choice, since: * it has been tested in CLARIN-D * it has a lot of momentum and development activity * it has been chosen by EUDAT That said, it is by no means perfect software. It relies a lot on relational databases for the back-end, which is not ideal in terms of scalability. For a detailed analysis about these issues, see the [https://forum.cloud.switch.ch/t/switchdrive-upgrade-6-0-6-to-7-0-5-post-mortem/24 Switch blog] about their upgrade from version 6 to 7. Earlier versions (before version 6) had quite some security issues. A few hints on how to access publicly shared links can be found [wiki:ownCloud-shared-links-access here]. == Available installations == * EUDAT is providing the beta [https://eudat.eu/services/b2drop B2DROP] service, which is based on OwnCloud and hosted at the [FZJ computing centre]. * CLARIN-D has an own [https://clarin.fz-juelich.de/owncloud test instance of OwnCloud] hosted at FZJ. Probably B2DROP can replace this test instance, since it is the same software running at the same computing centre. Also, the organisational backing of EUDAT is important. * Several [https://owncloud.com/customer-stories/ national research networks] have setup an ownCloud installation. The [https://wiki.geant.org/display/OCM/Open+Cloud+Mesh OpenCloudMesh] project tries to enable interoperability between these large ownCloud installations. Providing a connection with the !OpenCloudMesh participants will probably become an important factor. == Authentication == === web-based access === This is the easy case: use SAML. There are (tested) plugins for OwnCloud: * http://www.yaco.es/blog/en/uniquid/2012/06/implementado-plugin-saml-para-owncloud/ * https://gitorious.org/owncloud/apps/trees/master/user_saml === user delegation (access by web applications) === Challenge is to access it from web services/applications. To do so, a SAML-to-OAuth2 bridge might be needed. More information on this: * https://www.clarin.eu/content/user-delegation * [https://www.clarin.eu/event/2015/centre-meeting workshop on user delegation] * [ticket:636 testing user delegation in CLARIN-D] * [wiki:OAuthDelegation Authentication delegation between services using OAuth2] === end-user synchronisation clients === some possible solutions: * LDAP (restricted to just 1 Identity Provider) > tested successfully for CLARIN-D !OwnCloud. Outstanding issues: * linking with web-based access (match LDAP user ID to SAML attribute like ePPN) * risk that people only use CLARIN IdP as it offers more functionality than their own Identity Provider * SAML integration (client application showing a browser window where a web-based login can take place). [https://www.surf.nl/en/services-and-products/surfdrive/surfdrive.html SURF] uses this system (for 11.000 users at 65 institutes) but is not really happy about the daily functioning. Some early experiments by Dieter seem to confirm this: users often have to login again. (theoretic solutions that have not been tested and are probably not worth pursuing:) * Radius (like for eduroam), see e.g. plugin for [http://wiki.gwdg.de/index.php/GWDG_Cloud_Share/EN#Prerequisites_and_limitations powerfolder as used at GWDG] and plugin for [https://github.com/AlessandroLorenzi/owncloud-radius OwnCloud]. Outstanding issues: * will it work (as well as eduroam)? * is it allowed to use eduroam credentials for this? * [https://community.ja.net/groups/moonshot Moonshot] (based on radius but with own client software) == History and background == * There are some other Cloud storage solutions around, e.g.: * [https://www.powerfolder.com Power Folder] - at the time of evaluation closed source and rather bad test experiences * [https://www.seafile.com/en/about/ Sea File] - fairly new, open source since mid 2012, positive stories but not as popular as ownCloud * [http://www.eyeos.com/ EyeOS] - was considered by CLARIN-D in 2012, but discarded later because of low development activity at the EyeOS site and blog * [https://pydio.com Pydio] (formerly AjaXplorer) * In June 2016, ownCloud has been [http://karlitschek.de/2016/06/nextcloud/ forked] (new name: Nextcloud)