Dear Francisco, Interesting question about Federated Identities management. I understand the proposal that you mention but in that case we only can access to the data if it there are registered users and they provide the credentials in that embedding login. The rest of users could not access to the data. Maybe some kind of anonymous user with Data Usage Control or even a simple Data Access Policy defined in AuthZForce to allow only GETs operation over specific data could resolve as well the solution. Do not forget as well the different versions in the CKAN extensions and IdM that are currently in the FIWARE Lab. BR, Fernando On 11.05.20 12:38, Francisco de la Vega wrote: > Deal All, > > As discussed in the TSC meeting presentation of data publication > components we are facing the need of having federated identities. > > The issue arises setting up a global CKAN instance as the one of the > FIWARE Lab. Such an instance is secured with a Keyrock IDM, and allows > to publish Context Broker queries as datasets, so when an authorized > user accesses the dataset, CKAN makes the query to the Context Broker > using the credentials of the logged user (its access token). > > The problem comes when different cities want to publish their data in > the portal, their Context Broker instance is secured with their own > security infrastructure so the access token managed by default in CKAN > is not valid. > > At this stage the most simple approach is just embedding the login of > the related IDM before accessing to the data, but it is not the best > of the solutions. > > I think this issue is not limited to our use case, probably other > components as IDRA are having similar problems with secured context. > > Best regards, > Francisco > -- > FICODESFUTURE INTERNET CONSULTING & DEVELOPMENT SOLUTIONS S.L > <http://www.ficodes.com/> > *Francisco de la Vega* > > Chief Technical Officer <http://ficodes.com/> > > fdelavega at ficodes.com <mailto:fdelavega at ficodes.com> > > +34 690 017 304 > > www.ficodes.com <http://www.ficodes.com/> > > > *CLÁUSULA INFORMATIVA PROTECCIÓN DE DATOS* > > * *Responsable:* FUTURE INTERNET CONSULTING AND DEVELOPMENT > SOLUTIONS S.L. (B87798617) C/ DURILLO 1 PORTAL 7 1ºD 28232 LAS > ROZAS DE MADRID (Madrid). > * *Finalidad:* Mantener relaciones profesionales y prestación del > servicio contratado. Sus datos se mantendrán durante el periodo > establecido por la normativa vigente. > * *Legitimación:* Consentimiento del interesado, Ejecución de un > contrato, Interés legítimo y Prestación del servicio contratado. > * *Destinatarios:* No se cederán datos a terceros, salvo > autorización expresa u obligación legal y No se harán > transferencias internacionales de datos. > * *Derechos:* Acceder, rectificar y suprimir los datos, portabilidad > de los datos, limitación u oposición a su tratamiento, > transparencia y derecho a no ser objeto de decisiones automatizadas. > * *Información Adicional:* Puede consultar la información adicional > y detallada contactando a través de rgpd at ficodes.com > <mailto:rgpd at ficodes.com>. > * *Confidencialidad:* Si Ud. no es el destinatario y recibe este > mail por error, rogamos se ponga en contacto con nosotros y > destruya de inmediato el mail por error recibido con todos sus > documentos adjuntos sin leerlos ni hacer ningún uso de los datos > que en ellos figuren, ateniéndose a las consecuencias que de un > uso indebido de dichos datos puedan derivar. > > > __________________________________________________________________________________________ > > You can get more information about our cookies and privacy policies on the following links: > - https://wiki.fiware.org/FIWARE_Privacy_Policy > - https://wiki.fiware.org/Cookies_Policy_FIWARE > > > fiware-technical-committee mailing list > fiware-technical-committee at lists.fiware.org > > To unsubscribe from fiware-technical-committee mailing list, go to the information page of the list at: > https://lists.fiware.org/listinfo/fiware-technical-committee > -- Document Fernando López Aguilar FIWARE Cloud & Platform Senior Expert M. +49 1522 2600767 fernando.lopez at fiware.org <mailto:fernando.lopez at fiware.org> www.fiware.org <https://www.fiware.org/> Twitter: @fiware <https://twitter.com/fiware> @flopezaguilar <https://twitter.com/flopezaguilar> <https://www.fiware.org/events> -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20200511/d7b59b33/attachment-0001.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: Foundation-logo.png Type: image/png Size: 8201 bytes Desc: not available URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20200511/d7b59b33/attachment-0001.png>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy