The SRAExample notebook might be a good test for the 'DRS plus Passport' design in that it goes all the way through to using a second DRS server to get results files. Question is, who the passport broker would be for authz for the second DRS server?
The authz one is looking for is likely some construct within the WES server – that construct would be ‘project’ in the SB case – though ultimately the authorization is to access storage owned by that project. Currently getting that authorization is not a problem. The WES instance knows about the relationship internally – so authentication to the DRS server, using the same credentials as for the WES, gives you access to the files.
Answering: “who the passport broker would be for authz for the second DRS server?” : it seems to me the 80% answer would be - the passport broker for the WES service. But are Passport brokers for WES servers in scope?
Might be worth running that through the 'DRS plus Passport' design.
The other 20% (a guess) would be where WES is writing the results out to some other DRS server. Haven't seen/tried that yet. Not thinking it's the first urgency. Again seems to me your design would handle it. Not ruling out it should be a test case?
The SRAExample notebook might be a good test for the 'DRS plus Passport' design in that it goes all the way through to using a second DRS server to get results files. Question is, who the passport broker would be for authz for the second DRS server?
The authz one is looking for is likely some construct within the WES server – that construct would be ‘project’ in the SB case – though ultimately the authorization is to access storage owned by that project. Currently getting that authorization is not a problem. The WES instance knows about the relationship internally – so authentication to the DRS server, using the same credentials as for the WES, gives you access to the files.
Answering: “who the passport broker would be for authz for the second DRS server?” : it seems to me the 80% answer would be - the passport broker for the WES service. But are Passport brokers for WES servers in scope?
Might be worth running that through the 'DRS plus Passport' design.
The other 20% (a guess) would be where WES is writing the results out to some other DRS server. Haven't seen/tried that yet. Not thinking it's the first urgency. Again seems to me your design would handle it. Not ruling out it should be a test case?