Monday, June 14, 2010

WebDAV as a Web Service for Non-Specialists

One question that has been raised about the WSTIERIA project is how to make the facade technique more accessible and intelligible to potential users who are not geospatial specialists, given that the work originated in, and therefore drew its original examples from, that particular domain.

During discussions with the SDSS team at EDINA, one possibility that came up was to use the facade technique to make federated authentication work with WebDAV. For those not familiar with it, WebDAV allows a web server (such as Apache) to make a directory tree on the server's host system accessible to remote clients via an XML-based web protocol. One of the attractive properties of WebDAV is that clients for the protocol come built in to common desktop operating systems, including Linux and Windows. In both systems, the client presents a web directory using the same user interface as if it were a directory in the local file system. Also, WebDAV servers are available as plug-in components for both Apache and Windows IIS. The combination of standard servers and clients would allow anyone interested to experiment with adding federated access.

Additionally, such a facility might be of practical use. Consider a directory of shared files that are too large to e-mail conveniently but should not be made public. It might be possible, using WebDAV plus federated authentication, to make these available to selected users via their existing federated access credentials. A specific approach to this problem has been discussed on the JISC-SHIBBOLETH list in the past, but we wanted to see if our general technique could tackle it.

We duly set off down the road of attempting to add a federated authorisation facade in front of a WebDAV server and have now published WSTIERIA Technical Note 2 describing our experiences.

The result was something of a mixed bag. On one hand, we did browbeat both Linux and Windows clients into accessing an Apache WebDAV server via a very simple federated authentication facade within the UK Federation. On the other hand, only partial client functionality was supported: opening, viewing, creating and deleting files in the web directory. Some peculiarities of the WebDAV protocol prevented the general facade technique from Technical Note 1 from being used unmodified for creating directories and for some other operations involving renaming. A different implementation specific to the WebDAV protocol (such as the one linked to above) should be able to handle those issues, but we did not take that additional step, as our main interest is in authorisation for web services in general.