VOResource Erratum 1: Re-enable multiple security methods per interface

Author: Markus Demleitner

Date last changed: 2019-02-05

Date accepted: Not yet accepted

Rationale

In VOResource 1.0, an interface element could have multiple securityMethods. When VOResource 1.1 was written, it appreared that common deployments of authenticated services would in general use different access URLs for different authentication methods (which is what securityMethod describes). Since no records actually used securityMethod (let alone multiple securityMethods) at that time, in the interest of keeping the relational mapping as close to the actual model as possible it was decided to change the relation to a 1:1 one.

Later implementation experience now suggests that most authentication techniques deployers actually want to use work on a common endpoint URL, and that actual implementations make use of this fact in order to keep the handy notion of the access URL of a service, a notion popular with many VO users.

It seems unreasonable to keep VOResource documents from clearly expressing the fact that a certain capability is exposed on one URL. Since multiple authentication technologies can still be employed on each interface, we have to return to the 1:n relationship between interface and securityMethod.

Erratum Content

In the schema (VOResource-v1.1), the following two lines:

         <xs:element name="securityMethod" type="vr:SecurityMethod"
                     minOccurs="0" maxOccurs="1">

are changed to

         <xs:element name="securityMethod" type="vr:SecurityMethod"
                     minOccurs="0" maxOccurs="unbounded">

In the VOResource 1.1 REC document, the following changes are made:

• PDF p. 36 in "vr:Interface Type Schema Definition": replace macOccurs="1" with maxOccurs="unbounded" in the xs:element for securityMethod.
• PDF p. 37, in "Occurrence" of the "Element securityMethod": Add "multiple occurrences allowed" after "optional".
• PDF p. 40, first bullet point ("interface now only allows zero or one securityMethod elements..."): The entire bullet point is removed.

Impact Assessment

The change loosens a restriction; hence, no registry documents will become invalid through this change.

On the consumer side, the change retracted here was intended to simplify implementation of RegTAP 1.1. RegTAP 1.1 is still under review as this erratum is being written in hence can easily be changed to cope with this erratum.