Detailed Security Interaction Scenario

Dec 15, 2008, 5:52:30 PM
to WfXML
I have attempted to describe the complete interaction around what has
to happen to set up a workflow that makes secure calls to other
services. This covers only the "subworkflow" which makes a call to
the weather model service and the plume calculation service.

What I have found is that a user (named Andy) can provision a workflow
to call the two services in a secure manner, requiring only SSL
(HTTPS) and the OAuth interchange to set up access tokens. OAuth
requires some interaction with the user via an HTML user interface,
and the user must be able to log in to those services.

OpenID will greatly aid the usability from the user perspective, by
reducing the number of passwords, and the number of times that the
user has to enter a password. Use of OpenID is strongly recommended,
but not required in getting the services to talk to each other. A
service that does not accept OpenID at this time can still be called
from the workflow.

The scenario assumes a lot about the user, and I have done my best to
make reasonable assumptions in all cases. I have tried to make all
assumptions explicit, but this is practically impossible in a real-
world scenario, and hopefully I have made all the relevant assumptions
explicit. Changing those assumptions might change the technology

At this point, the main goal is to see if the assumptions I have made
about the scenario are correct or not. If you find a problem with the
assumptions of the scenario, please reply with a comment immediately,
and we can change the scenario, and then rework to see if OAuth still
fits the bill.


Pat G Cappelaere

Dec 15, 2008, 7:21:51 PM
Do we agree on current flows I sent this morning?
This ought to be the situation before we make any changes.
Then we highlight what we want to change and where.
