Bamboo Authentication Discussion #490
Comments
|
+1 on moving to SSL I'd like to propose using formhub users for the login now. if we want to users bamboo to do basic dashboards for FH datasets each user will need to have a bamboo api key anyways. I think this is somewhat strategic too. FH bamboo can be tied to our client work and we can keep bamboo more as a pure / agnostic programming platform. I don't think we're at the point to offer a standalone webservice for bamboo right now. We can use the authentication for other types of API needs for FH too (correct me if i'm wrong here). Will comment more on permissions and stuff after I've had more time to review this. Thanks Renaud this is a great start. |
|
Our OSM instance might be able to tap into this as well (it already supports OAuth and OpenID). |
|
This is great, thanks @rgaudin. I agree with @mberg that we should use FH for now, then we can overlook the UI tasks and expect FH to be responsible for this. I am also not convinced that we are the point where it is worthwhile to implement a sophisticated permission system, not that we wouldn't want this in the future, but I wonder if this is something current users require in the near-term. Perhaps, for now, we can lean on FH for most of this. |
|
Well, I'm not sure I understand well what you guys want ; neither I do about what leaning on FH exactly means in practice. Given zero direction, I've made a few propositions so I expect a little more guidance than it's not worthwhile :) Password KeysTalking to some of you, it seems like what you want is just a binary way to make a dataset private, like we're doing with Formhub forms.
Formhub could consume the simple entry point described above and thus, in fine, provide the keys in a unified U.I. If you like this proposition, let me know and I'll make some research on how to make this the most standard (haven't check but that reminds me of HTTP Basic Auth). Of Course, this is not future proof but it could serve your immediate needs. I'm worried though that going this route, will soon raise new needs like permissions, not whole data, etc. and then we will have to rediscuss all this Feature PollMaybe it's easier if each of you can just copy-paste the following table with your opinion:
|
|
|
My feeling is that when bamboo does go into production we will want to
I dont think we should implement one authentication method and implement another at a later stage. Based on our current use cases I think we should implement user management now. That said, I like how the bamboo API is exposed and I think we should implement the permission assignment etc. using the same kind of REST API as opposed to exposing a UI. The UI can be built off the pybamboo and bamboo.js APIs as needed. Since at the moment bamboo users will primarily be formhub users, it makes sense to authenticate them using current formhub users. We should however keep in mind that at some point in the future we will likely have users without formhub accounts who want access to bamboo. Therefore leaving room for other authentication providers makes sense which also makes a case for a bamboo based user management implementation. I'm however not sure that you need to implement an oath server on bamboo's end, depedning how open we want to be, we can allow a certain list of providers, formhub being one. So what I'm proposing, implementation wise is:
|
|
I have never been a bamboo client so I do not have strong opinions. |
Here are my thoughts on permissions and authetications:
Feature Poll
|
|
first, i am with @renaud in that it is unclear to me what the real desire is in terms of functional outputs and where they should be implemented. i believe that we have a lot of ideas about what we want to do (which is awesome) and this is going to be a matter of priorities and vision. if the driving force is for formhub to use bamboo and expose some of its functionality, then there are several ways to achieve that including some that involve little to no actual bamboo development. if we are talking about what we would like the bamboo.io web service to be, then that is something slightly different. i think what is going on is that we are trying to talk about all of these things at the same time which makes it hard to move forward with development. what we should do is clarify where we want to go and the setup that we see as sustainable and then we can make sure that our work in the near term fits into our overall progression. from what i can tell, we would like to use bamboo in formhub while at the same time realizing that formhub is just one user of bamboo. it would make sense to add functionality to bamboo such that any other service could use it in the same way. here are some feelings about this that i think inform my answers to the questions posed:
we really need to discuss this over skype or google hangout to get through it... |
|
Guys, this is great and I agree with what you all said. On Thu, Mar 14, 2013 at 5:44 PM, Mark Johnston [email protected]:
|
|
Monday morning before or after the dev meeting? Tuesday morning 9am EST? On Thu, Mar 14, 2013 at 3:22 PM, rgaudin [email protected] wrote:
Prabhas Pokharel |
Please take this topic as a starting point for the definition of the Data Access Policy that we would like to see in Bamboo.
I think we all agree that the current situation is not sustainable in production:
First, I believe we need to define what we want to be able to do ;
Please note that I am assuming that:
One thing I really like about the current situation is that it's super simple to use, and anonymous.
While we definitely need to offer private and secure dataset, I believe we should keep the unsecure, open and easy way.
Thus I'd like to propose 3 layers of security:
Thoughts (not in order):
Switch to SSL only
This is not directly related to authentication but since we want to protect data, first step is probably to disallow clear HTTP.
It is possible to have both together but that's not the point right?
It's just a little setup, a little money ($70/y on godaddy) and some communication to existing users.
User Management
We want to know who owns a dataset.
This will allow us to contact the owner if needed (IO too high, data corrupted, scheduled maintenance, etc) and also allow us to present/group all datasets tied to a particular user.
For this authentication, we will need a classical auth mechanism, like a custom user/pass system or use a third party (google, github, facebook, OpenID). It might be interesting to have formhub here as the identity provider.
I'm in favor of externalizing this.
A User account would provide:
Identified Users
We want to know who's using a dataset.
This is usually done through simple API Keys. The owner of a DS provides API Keys to self or other clients accessing the data.
Using this would permit: quota, ban, statistics based on data consumers.
It's interesting and easy to implement.
I don't know how we would perform unit tests though if we require one (no anonymous).
Anonymous User
Anonymous (no Key provided) would simply default to a special unique Identified User name Anonymous.
All anonymous requests would share the same profile.
Authenticated Users
Authentication would need to be secure and allow third-parties (FH, jarvis-bi?) to consume the data too.
After some research I believe the best & easiest way to do it is to be an OAuth 1.0a Provider.
On the client side, it means that clients will need to use an OAuth library.
On the server side, using a library such as
oauthlib(which seems like the best fit) still requires a good amount of work.Datasets Permissions
We want dataset owner to set permissions.
Just like we can give per-user permissions to forms on Formhub, dataset owners should be able to give permissions to users.
Main differences:
GET,PUT,POST,DELETEImplementation Tasks
Please send-in your comments ; am I missing something?
The text was updated successfully, but these errors were encountered: