[OSLC] Root Services vs Service Provider Catalog

Steve K Speicher sspeiche at us.ibm.com
Mon Jan 4 09:58:19 EST 2010

Ferran Rodenas <frodenas at gmail.com> wrote on 12/23/2009 06:35:14 PM:
> Some questions about discovery services and security:
> 1) Are there any plans to create an OSLC specification similar to 
> the JF Root Services specification (https://jazz.net/wiki/bin/view/
> Main/RootServicesSpec)? If not, which is the standard mechanism to 
> discover services offered by a tool? Clients MUST point directly to 
> the desired Service Provider Catalog (CM, QM, RM, ...)?
As more topics have come on line and producing 1.0 versions of 
specifications, there is a growing need for this at OSLC.  We have started 
to collect some of these common requirements but we have no firm plans of 
yet to provide such a mechanism.

So the current standard mechanism is the consumer most some how know the 
URL for the service provider catalog or document: email, chat, additional 
wrapper spec (JF root services), etc.

> 2) In this scenario, how consumers deal with security? The Service 
> Provider Catalog Specification 1.0 says that access to a service 
> provider catalog resource MAY be protected, and the CM Rest API 1.0 
> says that service providers SHOULD support HTTP basic authentication
> and/or OAuth. But, how consumers knows which authentication methods 
> are supported by the service provider? In the JF Root Services, at 
> least, there are some Oauth properties.

In CM v1.0 we decided (as you noticed) is leave it open.  You have to rely 
on some external mechanism like the JF Root Services model to discover or 
you can rely on HTTP 401 challenges or other established model that the 
consumer knows about (eg vendor-specific form-based auth).

As we keep pulling in more topic areas, vendors and experience from these 
integrations, we'll work towards driving these issues forward.

Steve Speicher | IBM Rational Software | (919) 254-0645
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://open-services.net/pipermail/community_open-services.net/attachments/20100104/44594a9a/attachment-0003.html>

More information about the Community mailing list