Hi all, This is a reminder that the TSC tomorrow will focus on the follow-up of Security and API Management components. As discussed in previous TSCs, it will be the opportunity to discuss on the issue about federated identifies that Francisco de la Vega raised. Please find thread of discussion below. Last but not least, we should proceed for deciding on the acceptance of Micro-ROS <https://micro-ros.github.io/> as a new Incubated FIWARE GE. As a reminder, you can find the link to the presentation <https://drive.google.com/file/d/1-cqhjQQEHSI5ZOOFDpveWhK9BeTJKw3y/view?usp=sharing> made by eProsima to the TSC. Cheers, Document Juanjo Hierro Chief Technology Officer juanjose.hierro at fiware.org <mailto:juanjose.hierro at fiware.org> www.linkedin.com/in/jhierro <https://www.linkedin.com/in/jhierro> Twitter: @fiware <https://twitter.com/fiware> @JuanjoHierro <https://twitter.com/JuanjoHierro> -------- Forwarded Message -------- Subject: Re: [Fiware-technical-committee] Discussion on federated identities Date: Wed, 13 May 2020 16:39:20 +0200 From: Álvaro Alonso <alvaro.alonso at upm.es> To: Francisco de la Vega <fdelavega at ficodes.com> CC: fiware-technical-committee at lists.fiware.org Dear Francisco, thank you very much for raising up this issue. But i’m not sure if I understand the details of the scenario. Which entity publishes the data and where? Which entity is delegating the authentication of the user? Which entity is validating the token with Keyrock? Could you please provide a more detailed description including the different instances of CB, Keyrock, etc, the users and their interactions? BR and thanks! -- Álvaro > El 11 may 2020, a las 12:38, Francisco de la Vega > <fdelavega at ficodes.com <mailto:fdelavega at ficodes.com>> escribió: > > Deal All, > > As discussed in the TSC meeting presentation of data publication > components we are facing the need of having federated identities. > > The issue arises setting up a global CKAN instance as the one of the > FIWARE Lab. Such an instance is secured with a Keyrock IDM, and allows > to publish Context Broker queries as datasets, so when an authorized > user accesses the dataset, CKAN makes the query to the Context Broker > using the credentials of the logged user (its access token). > > The problem comes when different cities want to publish their data in > the portal, their Context Broker instance is secured with their own > security infrastructure so the access token managed by default in CKAN > is not valid. > > At this stage the most simple approach is just embedding the login of > the related IDM before accessing to the data, but it is not the best > of the solutions. > > I think this issue is not limited to our use case, probably other > components as IDRA are having similar problems with secured context. > > Best regards, > Francisco > -- > FICODESFUTURE INTERNET CONSULTING & DEVELOPMENT SOLUTIONS S.L > <http://www.ficodes.com/> > *Francisco de la Vega* > Chief Technical Officer <http://ficodes.com/> > fdelavega at ficodes.com <mailto:fdelavega at ficodes.com> > +34 690 017 304 > www.ficodes.com <http://www.ficodes.com/> > > > *CLÁUSULA INFORMATIVA PROTECCIÓN DE DATOS* > > * *Responsable:* FUTURE INTERNET CONSULTING AND DEVELOPMENT > SOLUTIONS S.L. (B87798617) C/ DURILLO 1 PORTAL 7 1ºD 28232 LAS > ROZAS DE MADRID (Madrid). > * *Finalidad:* Mantener relaciones profesionales y prestación del > servicio contratado. Sus datos se mantendrán durante el periodo > establecido por la normativa vigente. > * *Legitimación:* Consentimiento del interesado, Ejecución de un > contrato, Interés legítimo y Prestación del servicio contratado. > * *Destinatarios:* No se cederán datos a terceros, salvo > autorización expresa u obligación legal y No se harán > transferencias internacionales de datos. > * *Derechos:* Acceder, rectificar y suprimir los datos, portabilidad > de los datos, limitación u oposición a su tratamiento, > transparencia y derecho a no ser objeto de decisiones automatizadas. > * *Información Adicional:* Puede consultar la información adicional > y detallada contactando a través de rgpd at ficodes.com > <mailto:rgpd at ficodes.com>. > * *Confidencialidad:* Si Ud. no es el destinatario y recibe este > mail por error, rogamos se ponga en contacto con nosotros y > destruya de inmediato el mail por error recibido con todos sus > documentos adjuntos sin leerlos ni hacer ningún uso de los datos > que en ellos figuren, ateniéndose a las consecuencias que de un > uso indebido de dichos datos puedan derivar. > > __________________________________________________________________________________________ > > You can get more information about our cookies and privacy policies on > the following links: > - https://wiki.fiware.org/FIWARE_Privacy_Policy > - https://wiki.fiware.org/Cookies_Policy_FIWARE > > > fiware-technical-committee mailing list > fiware-technical-committee at lists.fiware.org > <mailto:fiware-technical-committee at lists.fiware.org> > > To unsubscribe from fiware-technical-committee mailing list, go to the > information page of the list at: > https://lists.fiware.org/listinfo/fiware-technical-committee > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20200712/563c8c71/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: foundation-logo.png Type: image/png Size: 8201 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20200712/563c8c71/attachment-0001.png> -------------- next part -------------- __________________________________________________________________________________________ You can get more information about our cookies and privacy policies on the following links: - https://wiki.fiware.org/FIWARE_Privacy_Policy - https://wiki.fiware.org/Cookies_Policy_FIWARE fiware-technical-committee mailing list fiware-technical-committee at lists.fiware.org To unsubscribe from fiware-technical-committee mailing list, go to the information page of the list at: https://lists.fiware.org/listinfo/fiware-technical-committee
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy