(note: this page is being rewritten - it is not fully up to date)
Workspaces: concept
Basically it is a private/group-shared cloud storage for researchers. Requirements:
- easy to use, should ideally integrate closely with the operating system
- CLARIN server-side applications should be able to access it (for reading and writing, if the owner allows)
- if/when offered as a production service:
- should come with a clear statement about availability
- should come with clear legal terms of reference (to prevent abuse/illegal actions/liability for the hoster)
OwnCloud
OwnCloud is the obvious choice, since:
- it has been tested in CLARIN-D
- it has a lot of momentum and development activity
- it has been chosen by EUDAT
That said, it is by no means perfect software. It relies a lot on relational databases for the back-end, which is not ideal in terms of scalability. For a detailed analysis about these issues, see the Switch blog about their upgrade from version 6 to 7. Earlier versions (before version 6) had quite some security issues.
A few hints on how to access publicly shared links can be found here.
Available installations
- EUDAT is providing the beta B2DROP service, which is based on OwnCloud? and hosted at the [FZJ computing centre].
- CLARIN-D has an own test instance of OwnCloud hosted at FZJ. Probably B2DROP can replace this test instance, since it is the same software running at the same computing centre. Also, the organisational backing of EUDAT is important.
- Several national research networks have setup an ownCloud installation. The OpenCloudMesh project tries to enable interoperability between these large ownCloud installations. Providing a connection with the OpenCloudMesh participants will probably become an important factor.
Authentication
web-based access
This is the easy case: use SAML. There are (tested) plugins for OwnCloud?:
- http://www.yaco.es/blog/en/uniquid/2012/06/implementado-plugin-saml-para-owncloud/
- https://gitorious.org/owncloud/apps/trees/master/user_saml
user delegation (access by web applications)
Challenge is to access it from web services/applications. To do so, a SAML-to-OAuth2 bridge might be needed.
More information on this:
- https://www.clarin.eu/content/user-delegation
- workshop on user delegation
- testing user delegation in CLARIN-D
- Authentication delegation between services using OAuth2
end-user synchronisation clients
some possible solutions:
- LDAP (restricted to just 1 Identity Provider) > tested successfully for CLARIN-D OwnCloud. Outstanding issues:
- linking with web-based access (match LDAP user ID to SAML attribute like ePPN)
- risk that people only use CLARIN IdP as it offers more functionality than their own Identity Provider
- SAML integration (client application showing a browser window where a web-based login can take place). SURF uses this system (for 11.000 users at 65 institutes) but is not really happy about the daily functioning. Some early experiments by Dieter seem to confirm this: users often have to login again.
(theoretic solutions that have not been tested and are probably not worth pursuing:)
- Radius (like for eduroam), see e.g. plugin for powerfolder as used at GWDG and plugin for OwnCloud. Outstanding issues:
- will it work (as well as eduroam)?
- is it allowed to use eduroam credentials for this?
- Moonshot (based on radius but with own client software)
History and background
- There are some other Cloud storage solutions around, e.g.:
- Power Folder - at the time of evaluation closed source and rather bad test experiences
- Sea File - fairly new, open source since mid 2012, positive stories but not as popular as ownCloud
- EyeOS - was considered by CLARIN-D in 2012, but discarded later because of low development activity at the EyeOS site and blog
- Pydio (formerly AjaXplorer?)
- In June 2016, ownCloud has been forked (new name: Nextcloud)
