The tools of the Trusted Third Party are increasingly known and used within the community. More and more consortia, sites and projects have consciously decided to use E-PIX, gICS and gPAS to implement their individual application scenarios. We are very pleased about this.
We have received numerous technical and organizational questions about the setup and operation of our tools over the last months. Of course, this also included hosting and consulting inquiries, which we are happy to answer individually.
In order to bundle this consulting service and at the same time give all users the opportunity to get to know each other and share experiences, we have created the TTP Community.
The TTP Community Dialogue:
- provides a central point of contact for user questions.
- helps to better understand the background of our tools and to find necessary answers together with the developers.
- creates the basis for a jointly built FAQ.
- requires personal registration for the web conference and, if necessary, submission of questions in advance.
The next TTP Community Dialogue will be held on request.
Questions asked so far
Here you will find a categorized selection of questions and answers from previous TTP Community Dialogue sessions. If you still have questions, simply register for the next dialogue.
There are different approaches to giving users and systems access to our tools (authentication) and assigning them appropriate rights and roles (authorization).
Authentication and authorization
Since gICS 2.11.0 and gPAS 1.9.1, two Docker Compose variants of each tool are made available via GitHub: a standard version and a web-auth version.
- gICS Web-Auth-Version: https://github.com/mosaic-hgw/gICS/tree/master/docker/web-auth
- gPAS Web-Auth-Version: https://github.com/mosaic-hgw/gPAS/tree/master/docker/web-auth
- E-PIX Web-Auth-Version: work in progress
The web-auth version provides authentication and authorization mechanisms for the tools' web interface. Users must log in with a username and password to use the tool. Depending on the assigned role, they have different permissions. Authorization can be used across tools. For example, the same person can be a standard user for E-PIX and an admin user for gICS.
Details about the installation and usage of the web-auth versions can be found here:
This includes an overview of user groups, default users and passwords, an overview of roles and permissions in the web interface, and HowTos for managing users, roles and permissions via MySQL and Docker EXEC.
Note: Options for including Keycloak are currently being evaluated.
Recommendations for securing E-PIX, gPAS and gICS application servers
Access to relevant application and database servers of the Trusted Third Party tools should only be possible for authorized personnel and via authorized endpoints.
We recommend implementing the following IT security measures:
- Operation of relevant servers in separate network zones (separate from research and utility networks).
- Use of firewalls and IP filters
- Access restriction at URL level with Basic Authentication (e.g. with NGINX or Apache)
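One way to combine the IP filter and the URL-level Basic Authentication from the list above in an NGINX reverse proxy. This is an added example, not a configuration from this page or from the tools' repositories. The host name, URL paths, upstream address, networks and file locations are placeholder assumptions that must be adapted to the actual deployment.

```nginx
# Added example: reverse proxy in front of a TTP tool. All names are placeholders.
upstream ttp_app {
    server 10.0.10.5:8080;             # assumed: application server in its own network zone
}

server {
    listen 443 ssl;
    server_name ttp.example.org;       # placeholder host name

    ssl_certificate     /etc/nginx/tls/ttp.example.org.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/ttp.example.org.key;

    # Web interface (placeholder path): staff network only AND Basic Authentication.
    location /ttp-web/ {
        satisfy all;                   # both the IP filter and the password must pass
        allow 192.0.2.0/24;            # placeholder: authorized staff network
        deny  all;

        auth_basic           "TTP restricted";
        auth_basic_user_file /etc/nginx/htpasswd/ttp-web;      # maintained with htpasswd

        proxy_pass http://ttp_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Service interface (placeholder path): one authorized client system, separate credentials.
    location /ttp-services/ {
        satisfy all;
        allow 198.51.100.17;           # placeholder: authorized endpoint
        deny  all;

        auth_basic           "TTP service";
        auth_basic_user_file /etc/nginx/htpasswd/ttp-service;

        proxy_pass http://ttp_app;
        proxy_set_header Host $host;
    }

    # Anything not explicitly published is refused.
    location / {
        return 403;
    }
}
```

Because Basic Authentication sends the credentials with every request, the proxy should only be reachable over TLS, as configured here.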
Yes and yes.
To make the development status of our tools from funded projects, such as the DFG projects MOSAIC and MAGIC, permanently available to the former funding bodies, we use the publicly accessible GitHub (e.g. https://github.com/mosaic-hgw/gICS ).
Within the Trusted Third Party, we coordinate our development work via GitLab and ensure the continuous quality of the work using SonarQube.
We have published our tools under the AGPLv3 license. Consequently, making the source code available is possible in principle.
On request, we grant access to the current source code directly via GitLab. Please use our contact form for this.
In short: Yes.
We generally allow and welcome active collaboration on our tools.
Of course, we maintain separate GitLab projects for each tool and always implement new features in separate branches. In doing so, we pay attention to uniform quality specifications and optimal test coverage. We are supported in this by SonarQube.
Once the new code has been formally quality-checked and tested, a final content validation of the implementation takes place.
If all parties involved are satisfied with the result, the new feature is included in the official master and becomes a future component of our tools.
We provide the necessary access to GitLab on request via our contact form.
Upon request, you can get access to the TTP GitLab and independently report bugs for the selected tool. GitLab will automatically keep you informed about future developments on the bug you reported.
Of course, it is also possible to present new ideas for features and coordinate a possible course of action with us.
Just use our contact form.