Allow certificate-based Metacat administration
As we move toward the DataONE API where the MN does not provide identity and authorization services, perhaps the Metacat administrative functions should also follow suit. This would be a pretty large change for our users, but ultimately will simplify things so that we are not using two different identity/auth schemes to manage a single server.
In cases where the Metacat administrator did not have a useable (CILogon) identity we cold provide a utility to generate a client certificate for administrative use (or something akin to this). Ultimately this would need to be available in a browser UI where the bulk of our admin/config is performed.
Updated by ben leinfelder about 10 years ago
We could probably have the LDAP and certificate-based auth schemes coexist for some time. Would take some doing in the main request handlers to figure out exactly what the request was carrying and whether or not to trust it, but I have hope for this approach in the interim as we deprecate the Metacat API.