Global service design

The global design of the system:

There are 3 main components:

• The database
• The backend
• The frontend

The main properties of these components.

1) The Database is only accessed from the backend server (currently, using JDBC connections).

2) The backend is accessible only through the API of web-services.

3) The frontends talk with the backend also using the web-services (SOAP).

4) Some web-services of the backend could (and will) be made public (like skynode web-services) and in that case the frontend will just forward everything to the backend (through the virtual directory of the web-server (e.g SOAP requests to http://xxx.xxx/services/.. will be proxied to backend machine))

In principle, other VO web-services need not to be seat on the same backend server as CAS backend and can talk with it also using SOAP. (this could be implemented, but for me now it seems probably too complex)

Authentification notes:

Our system should be ready to handle multiuser situation. Why? Our general goal is to create the system of query executions in some sense (to allow to different users to create their own small tables, cross-match them with ours, retrieve them). So certainly such a system should use the authentification.

• Certainly some part of the authentification should occur on the level of DB (to have the possibility to hidden some catalogues and tables from the user. So in principal the connections to the DB should occur through different DB users.
• Some part of the authentification should occur on the backend probably, since we will have a lot of machinery in the backend which can be restricted sometimes.
• How the authentification on the WEB and CAS authentification relates to each other ? The current understanding is that after logging in the frontend server, the user is considered authentified and all the SOAP requests to the backend will go with the "signature" of that user. And the backend will connect to the DB using the connection of that user. Currently there is no clear understanding whether we will need some mapping between CAS users and users in the DB, and how to organize that in the best way.

KS