Re: support for authentication using OpenDap and addfiles?

From: David Brown <dbrown_at_nyahnyahspammersnyahnyah>
Date: Fri Jul 15 2011 - 12:08:57 MDT

Hi Jamie,
It is certainly on our to-do list to support ESG authentication through opendap. I personally worked on some of the early requirements and design docs for this facility in ESG. Luca's message speaks about Netcdf-python and pydap. I think that we need it to become accessible through the opendap component of the C NetCDF library. Then as Luca says, we would just need to relink with a properly configured version of NetCDF perhaps with some minor tweaks to the NCL source. But I don't know what current status of this project relative to OPeNDAP or NetCDF is.
 -dave

On Jul 15, 2011, at 8:43 AM, Jamie Scott wrote:

> Here are some more details from the ESG support on what is required for OpenDAP clients to access data securely on EarthSystemGrid, in case NCL developers would like to add this capability in the future.
> -Jamie
>
>> Hi Jamie,
>> we are working on that... the software is all there, but it needs to be deployed and configured uniformly across ESG. In short, what needs to happen is the following:
>>
>> a) each Node exposes data via an Opendap server (typically, the TDS)
>> b) each Node is configured with the PKI-based security filters for authentication and authorization)
>> c) the client of choice needs to be relinked with a version of the library (Netcdf-python or pydap) that supports ESG security - essentially, following redirects, send certifica tes and e, this is a working example of an opendap retrieval command via the wget client to the JPL TDS:
>>
>> wget --certificate user.pem --private-key user.pem http://esg-datanode.jpl.nasa.gov/thredds/dodsC/esg_dataroot/obs4MIPs/observations/atmos/ta/mon/grid/NASA-JPL/AIRS/v20110608/ta_AIRS_L3_RetStd-v5_200209-201105.nc.dods?ta[0:1:0][0:1:0][0:1:0][0:1:0]
>>
>> If you have a client that supports c), you could start trying to access the data from those nodes that have a) and b) configured already.
>>
>> thanks, Luca
>>
>>
>> On Jul 14, 2011, at 9:45 AM, Jamie Scott wrote:
>>
>>> Is there support for accessing data on ESG with OpenDAP enabled clients instead of downloading everything with a web browser or wget?
>>>
>>> Thanks,
>>>
>>> Jamie Scott
>>
>> On Jul 13, 2011, at 12:50 PM, David Brown wrote:
>>
>>> Hi Jamie,
>>>
>>> If the site in question uses loose authentication that allows clear text passwords, then I see from the OPeNDAP site that it should be possible to include the username and password in the URL.
>>> I believe the syntax is something like
>>> http://username:password@rest-of-URL
>>>
>>> However, I think there are other more secure protocols that have been implemented in OPeNDAP that would require implementation within the NCL source code. If that is your case, perhaps you can describe the authentication requirements of the site in question, and we can look into the feasibility of adding the necessar on the list has more information about the current status of OPeNDAP authentication, we would be interested in your input.
>>> -dave
>>>
>>> On Jul 8, 2011, at 11:31 AM, Jamie Scott wrote:
>>>
>>>> Is there a way to open OpenDap files that require http authentication-(username and passwords) using addfile in NCL?
>>>>
>>>> -Jamie Scott
>>>>
>>>>
>>>> _______________________________________________
>>>> ncl-talk mailing list
>>>> List instructions, subscriber options, unsubscribe:
>>>> http://mailman.ucar.edu/mailman/listinfo/ncl-talk
>>>
> _______________________________________________
> ncl-talk mailing list
> List instructions, subscriber options, unsubscribe:
> http://mailman.ucar.edu/mailman/listinfo/ncl-talk

_______________________________________________
ncl-talk mailing list
List instructions, subscriber options, unsubscribe:
http://mailman.ucar.edu/mailman/listinfo/ncl-talk
Received on Fri Jul 15 12:09:06 2011

This archive was generated by hypermail 2.1.8 : Mon Jul 18 2011 - 15:57:57 MDT