Add Gerbi's test instance of omero

[haesleinhuepf]

https://omero-training.gerbi-gmb.de/

[haesleinhuepf]

Hi @joshmoore @rmassei ,

if one accesses the Gerbi Omero server via API, does one need username/password? Is there a publicly available user, e.g. with read-access only?

Thanks!

Best, Robert

[joshmoore]

OMERO's public access works by hard-coding a special user name and password on the server-side. A site can decide to publish these as we've done with the IDR. It does put the server somewhat at risk. (In the case of the IDR, this is managed by having 2 OMERO's read-only just for API access and 2 more just for the web users all in addition to the main read-write server.)

see also: https://omero-tim.gerbi-gmb.de/webclient/

cc: @Tom-TBT

[Tom-TBT]

The purpose I see for omero-training is to use during workshops, teaching, ..., so there wouldn't be an issue giving out credentials to access OMERO server via API (temporary accounts for the attendees).

For the trainers, we have made accounts that trainers can keep and use to prepare their workshops (I trust that they won't suddenly bombard my server with TB of data).

In the case of omero-tim however, we could make it a read-only server, and give out credentials to access it via API.

[haesleinhuepf]

Thanks for the feedback! I would like to create some self-training materials where I would need to publish username and password. Otherwise random people from the internet cannot try out the Omero API. Does this seem feasible?

[Tom-TBT]

Thinking about it, not being able to write stuff sounds annoying (not being able to save ROIs, images, tables, ...). But setting up a server with write permission on a public server is tricky.

So we could do two things. First, a read-only mode, so you can get started:

• Have an account for everyone, with data, in a read-only group
• Data belongs to the group owner (no annotation to the data possible)
• Data is blocked for upload by setting read-only in the OMERO folder of that user

Option two that would take more time to set up (especially the time to think of how that would work):

• Have multiple accounts (20? 50?) in a private group (so only the person uploading can see what is put there).
• Need a mechanism to request account automatically
• • request the account on a webpage, or to an email address?
• • send the password of a user from the available pool
• • account available for X hours
• • after X hours, closing all sessions of that user, change the password, clean up of that user's data, user back in the pool
• We could set an upload quota (1-10 GB) with something like this: https://stackoverflow.com/a/8148831/10712860

Am I overthinking the second option? Is there a simpler way @joshmoore?

[joshmoore]

I would like to create some self-training materials where I would need to publish username and password. Otherwise random people from the internet cannot try out the Omero API. Does this seem feasible?

If it's truly training only, we could probably make a big button, "make me a password". ;)

• Need a mechanism to request account automatically

That's what demo.openmicroscopy.org does.

Am I overthinking the second option?

Not really. You right that one does need to be careful about attacks. The strategy we take with demo is just to reserve the right to delete it periodically. So far there has been ... little abuse.

[haesleinhuepf]

I think an upload option is not necessary. We could show the code dor this and say "this would work on your installation". Downloading data and analyzing it is more important IMO 🌞

[joshmoore]

Oddly enough if you have API, you can upload 🤷‍♂️

[Tom-TBT]

True. If anything should end up in another folder other than ManagedRepo, I cannot filter it.