GenomeSpace and Single Sign-On

GenomeSpace attempts to minimize sign-ons but does not have true single sign on (yet).  Currently it's more of a dual-sign on system.  Web applications can sign on using the GenomeSpace OpenID provider.  Desktop applications can sign on using the Java CDK. These two systems do not yet communicate with each other due to technical limitations.  Specifically, the OpenID protocol requires the ability for an OpenID provider to be able to establish a secure HTTP connection to a client.  For desktop applications this is frequently not possible due to organizational firewalls.  The CDK shares login via storage of a token (like a browser cookie) on the client machine. Web applications are prevented (rightly) by the browsers from accessing files on the client machine and therefore they can't use this mechanism either.  As a result the GenomeSpace tools use one of these two systems:

  • OpenID:  Galaxy, GenePattern, InSilico DB, GenomeSpace user interface
  • CDK:  Cytoscape, Genomica, the Integrative Genomics Viewer (IGV)

The UCSC Table Browser is different in that it is not using OpenID, instead relying on the same protocol as the CDK, but without the ability to share the token with other applications.  Therefore for the time being, users must log into UCSC separately.

Future posts will include updates on our efforts to establish a single sign-on across GenomeSpace tools.