The Authorization framework is a token-based authorization system. For each Virtual Research Environment (VRE), users can use three types of tokens.
The personal token has to be used for any programmatic interaction with the services. Operations are billed to your account.
It is a token associated with a mnemonic label. Operations are accounted to your user.
It is a token associated with an application identifier. Operations performed with this token are accounted to the application and not to your profile. The VRE Manager is informed.
Token scope and flow
Any token is valid only in the VRE in which it was created. It is passed transparently among service calls, as shown in the figure below:
Where to get the Tokens?
You can get the three tokens by registering to any VRE in which you want to develop and using the Authorisation Options Badge. See the figure below to locate the Authorisation Options Badge in any VRE home page.
Further details on the Authorization Framework
To learn more about the Authorization Framework policy language, system architecture and installation, visit the related wiki page on gCube WIKI.
Modalities of Integration with D4Science Infrastructure
GOLD - the highest level of integration: the infrastructure provides the Community Service with authentication, authorization, monitoring and accounting. However, the Service must be written in Java and run over an authorised Web Container (SmartGears).
SILVER - run the Community Service on any platform and use a Personal Token. You can contact D4Science services and can perform operations on behalf of the users. You are responsible for the platform hosting your service. The figure below shows an example of a Service needing to access the Content Cloud service of the D4Science Infrastructure.
BRONZE - run the Community Service on any platform and use an Application Token. You can contact D4Science services but cannot perform operations on behalf of the users. You are responsible for the platform hosting your service. The figure below shows an example of a Service needing to access the Content Cloud service of the D4Science Infrastructure.