- Ensure that users' personal query results are not accessible by others
- Implement existing requirements; avoid the use of security-by-obscurity
Background and strategic fit
- Provide access control (e.g., a requirement for authorization headers) for the result (and error) objects generated by TAP queries
Note that this is a more general problem for all Rubin UWS services that return results, and should probably be solved at that layer of the stack.
Whatever strategy is adopted will have to be shown to be workable with the supported clients: the required ones (PyVO and Rubin Portal) and the highly desirable one (TOPCAT).
User interaction and design
Below is a list of questions to be addressed as a result of this requirements document: