Dear Francisco, thank you very much for raising up this issue. But i’m not sure if I understand the details of the scenario. Which entity publishes the data and where? Which entity is delegating the authentication of the user? Which entity is validating the token with Keyrock? Could you please provide a more detailed description including the different instances of CB, Keyrock, etc, the users and their interactions? BR and thanks! -- Álvaro > El 11 may 2020, a las 12:38, Francisco de la Vega <fdelavega at ficodes.com> escribió: > > Deal All, > > As discussed in the TSC meeting presentation of data publication components we are facing the need of having federated identities. > > The issue arises setting up a global CKAN instance as the one of the FIWARE Lab. Such an instance is secured with a Keyrock IDM, and allows to publish Context Broker queries as datasets, so when an authorized user accesses the dataset, CKAN makes the query to the Context Broker using the credentials of the logged user (its access token). > > The problem comes when different cities want to publish their data in the portal, their Context Broker instance is secured with their own security infrastructure so the access token managed by default in CKAN is not valid. > > At this stage the most simple approach is just embedding the login of the related IDM before accessing to the data, but it is not the best of the solutions. > > I think this issue is not limited to our use case, probably other components as IDRA are having similar problems with secured context. > > Best regards, > Francisco > -- > FUTURE INTERNET CONSULTING & DEVELOPMENT SOLUTIONS S.L <http://www.ficodes.com/> > Francisco de la Vega > > Chief Technical Officer <http://ficodes.com/> > > fdelavega at ficodes.com <mailto:fdelavega at ficodes.com> > > +34 690 017 304 > > www.ficodes.com <http://www.ficodes.com/> > CLÁUSULA INFORMATIVA PROTECCIÓN DE DATOS > > Responsable: FUTURE INTERNET CONSULTING AND DEVELOPMENT SOLUTIONS S.L. (B87798617) C/ DURILLO 1 PORTAL 7 1ºD 28232 LAS ROZAS DE MADRID (Madrid). > Finalidad: Mantener relaciones profesionales y prestación del servicio contratado. Sus datos se mantendrán durante el periodo establecido por la normativa vigente. > Legitimación: Consentimiento del interesado, Ejecución de un contrato, Interés legítimo y Prestación del servicio contratado. > Destinatarios: No se cederán datos a terceros, salvo autorización expresa u obligación legal y No se harán transferencias internacionales de datos. > Derechos: Acceder, rectificar y suprimir los datos, portabilidad de los datos, limitación u oposición a su tratamiento, transparencia y derecho a no ser objeto de decisiones automatizadas. > Información Adicional: Puede consultar la información adicional y detallada contactando a través de rgpd at ficodes.com <mailto:rgpd at ficodes.com>. > Confidencialidad: Si Ud. no es el destinatario y recibe este mail por error, rogamos se ponga en contacto con nosotros y destruya de inmediato el mail por error recibido con todos sus documentos adjuntos sin leerlos ni hacer ningún uso de los datos que en ellos figuren, ateniéndose a las consecuencias que de un uso indebido de dichos datos puedan derivar. > __________________________________________________________________________________________ > > You can get more information about our cookies and privacy policies on the following links: > - https://wiki.fiware.org/FIWARE_Privacy_Policy > - https://wiki.fiware.org/Cookies_Policy_FIWARE > > > fiware-technical-committee mailing list > fiware-technical-committee at lists.fiware.org > > To unsubscribe from fiware-technical-committee mailing list, go to the information page of the list at: > https://lists.fiware.org/listinfo/fiware-technical-committee > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-technical-committee/attachments/20200513/f8b0db5a/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy