Workspaces: concept
Basically, a workspace is private or group-shared cloud storage for researchers. Requirements:
- easy to use, should ideally integrate closely with the operating system
- CLARIN server-side applications should be able to access it (for reading and writing, if the owner allows)
- if/when offered as a production service:
  - should come with a clear statement about availability
  - should come with clear legal terms of reference (to prevent abuse/illegal actions/liability for the hoster)
Evaluation of proposed software:
- EUDAT is investigating this for their B2Drop service. At the recent EUDAT meeting (SAF, Feb 2014) OwnCloud was mentioned as a probable candidate, but this was not yet the final decision.
web-based access
This is the easy case: use SAML. There are (tested) plugins for OwnCloud.
non web-based access
Some possible solutions:
- RADIUS (like for eduroam), see e.g. plugin for PowerFolder as used at GWDG and plugin for OwnCloud. Outstanding issues:
  - will it work (as well as eduroam)?
  - is it allowed to use eduroam credentials for this?
- Moonshot (based on RADIUS but with its own client software). Experimental; status needs to be checked with the Moonshot team (which is very communicative: Rhys Smith and John Chapman).
- LDAP (restricted to just 1 Identity Provider): tested successfully for CLARIN-D OwnCloud. Outstanding issues:
  - linking with web-based access (match LDAP user ID to SAML attribute like ePPN)
  - risk that people only use the CLARIN IdP, as it offers more functionality than their own Identity Provider
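One way to approach the linking issue listed under LDAP, as an added example that is not from the original page or from CLARIN's code: because LDAP is restricted to one Identity Provider, a SAML ePPN is linked to an LDAP user ID only when its scope is that IdP's scope. The scope value, the sample user IDs, the function name and the case-insensitive comparison are assumptions.

```python
import re

# Assumed values for illustration (constructed, not from the page):
# the scope of the single IdP that backs the LDAP directory, and some LDAP uids.
TRUSTED_SCOPE = "idp.example.org"
LDAP_UIDS = {"jdoe", "asmith"}

# ePPN has the form local-part@scope with exactly one "@".
_EPPN_RE = re.compile(r"([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]{1,255})")


def link_eppn_to_ldap_uid(eppn_values, trusted_scope=TRUSTED_SCOPE,
                          ldap_uids=LDAP_UIDS):
    """Return the LDAP uid for the ePPN values of one SAML assertion,
    or None when the identity must not be linked."""
    # ePPN is single-valued; zero or several values are ambiguous, so refuse.
    if len(eppn_values) != 1 or not isinstance(eppn_values[0], str):
        return None
    # fullmatch rejects stray whitespace, newlines and a second "@".
    m = _EPPN_RE.fullmatch(eppn_values[0])
    if m is None:
        return None
    local, scope = m.group(1).lower(), m.group(2).lower()
    # Matching on the local part alone would let "jdoe" from any other
    # IdP land in the LDAP account "jdoe"; require the exact trusted scope.
    if scope != trusted_scope.lower():
        return None
    # Assumption: LDAP uid matching ignores case, so compare folded values
    # and return the uid as stored in the directory.
    by_folded = {uid.lower(): uid for uid in ldap_uids}
    return by_folded.get(local)


if __name__ == "__main__":
    for sample in (["jdoe@idp.example.org"],
                   ["jdoe@other-university.example"],
                   ["jdoe@idp.example.org.other.example"]):
        print(sample, "->", link_eppn_to_ldap_uid(sample))
```

A `None` result means the web login should get a separate account or be refused, never merged with an existing LDAP user.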
experiences
OwnCloud
OwnCloud seems to be a good package; it has been tested in CLARIN-D (installed on a server at FZJ).
A SAML plugin is also available:
- http://www.yaco.es/blog/en/uniquid/2012/06/implementado-plugin-saml-para-owncloud/
- https://gitorious.org/owncloud/apps/trees/master/user_saml
The challenge is to access it from web services/applications. To do so, a SAML-to-OAuth2 bridge might be needed.