Comments (7)
@brucehoff, as I understand WES API does intend to be used by multiple users. As shown in the current Swagger specification, here is an example of ErrorResponse for unauthorized operation. So, I think it's clear that there should be an authentication/authorization process before a user can call the API endpoints properly.
Indeed, it could be more explicitly documented. Perhaps for example, in this /workflows
GET operation, the summary could add something more specific that only workflows are authorized for the current user will be returned.
I feel the same way that access control could be left to the implementers to decide how to handle, and WES specification should be focused on core functionalities.
from workflow-execution-service-schemas.
@brucehoff in an implementation i did, i tried a layered approach. the workflow engine ran on a server, it took requests to start workflows and returned a token that could be used to access that workflow through that workflow API. whoever called to start the workflow then was responsible for managing that workflow through the token. so on a different server i implemented a workflow 'user' task, potentially multiple user servers could then use that workflow server
from workflow-execution-service-schemas.
@mdmiller53 under your approach I wonder how the 'list all workflows' API would work. E.g., if there are 100 workflows running, but just 5 for you (and so you have 5 'tokens') then are you able to 'list all workflows' and see just your 5? How you pass the 5 tokens via HTTP?
from workflow-execution-service-schemas.
@brucehoff @mdmiller53 You'd need to return just the 5. The GA4GH security group is in the process of speccing out an authn/authz scheme which we'll be expected to fold into WES.
from workflow-execution-service-schemas.
After a number of discussions, it seems that multitenancy with WES can be enabled through a variety of configurations. While these different scenarios don't necessarily need to be included in the spec, we should provide examples in the documentation.
from workflow-execution-service-schemas.
@jaeddy can we close this as something that is up to the implementor and not specifically needed in the spec? there is general terminology currently in the spec about seeing only runs a user has access to, but I would be hesistant to have stronger language around multi-tenancy then that
from workflow-execution-service-schemas.
@patmagee I think that makes sense. This feels more in the domain of the starter kit efforts, and could eventually make its way into WES documentation (user guides, tutorials, etc.), but I don't see a strong need for having it be part of the spec.
from workflow-execution-service-schemas.
Related Issues (20)
- Add API call for workflow and inputs validation HOT 2
- Support passing TRS URIs to workflow_url HOT 4
- Input and Output Format Specification HOT 22
- Migrate build docs over to github actions
- Semantics of error states ambiguous HOT 2
- CWL: support for uploading (private) containers HOT 12
- Add Workflow engine and version to RunWorkflow parameters HOT 11
- WES API clients HOT 1
- Separate default engine parameters for different engines in the service info HOT 2
- Proposal: New WES State for Preemption HOT 1
- Optional ServiceInfo on supported workflows HOT 10
- No tag/release for version 1.0.1 HOT 24
- Versioned documentation
- Default branch & release model HOT 4
- Integrate OpenAPI validator into CI
- Field for run/task error messages (beyond stderr) HOT 8
- Workflow file authorization HOT 6
- Rerun workflows HOT 3
- Add unique identifier and additional information to tasks HOT 12
- In which field of the wes interface should the logs of the Cromwell engine and the tes server be reflected? HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from workflow-execution-service-schemas.