diff --git a/docker/Makefile b/docker/Makefile
index b2200b1b598828136bb506542e90c0082f1a1451..252a8d50840d84688d829931a38889331555b85b 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -28,7 +28,8 @@ download:
 ast-9.2.9.tar.gz:
 	wget https://github.com/Starlink/ast/files/8843897/ast-9.2.9.tar.gz
 
-.PHONY: warlink
+
+.PHONY: fetchwar
 fetchwar:
 	cp ../data-discovery/target/vlkb-siav2-$(VERSION).war .
 
@@ -36,39 +37,14 @@ fetchwar:
 build: fetchwar
 	docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile .
 
+
 # the docker-login below needed a ca-cert(?) which in the middle of the certificate-chain,
 # but was not automatically downloaded and also local cert/ket pair(?) ->
 # -> see: /etc/docker/certs.d/git.ia2.ianf.it:5050/*
 #
 # docker login git.ia2.inaf.it:5050 (robert.butora C-tol szokasos-hossu)
-# to download: use image: ... in compose.yaml or
-# docker run ... git.ia2.inaf.it:5050/butora/vlkb-datasets/vlkb
-
 publish-locally-siav2:
 	docker tag siav2 git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 	docker push      git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 	docker image rm  git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 
-
-##docker login registry.gitlab.com --> robert.butora xC*n
-publish-remotely-to-ska:
-	docker tag soda registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-	docker push     registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-	docker image rm registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-
-###############################################################################
-#TAG ?= $(VERSION)
-#REMOTE_SODA_IMAGE_NAME = registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(TAG)
-#SODA_IMAGE_NAME = soda:$(TAG)
-# https://gitlab.com/ska-telescope/src/visivo-vlkb-soda/container_registry/3917365
-###############################################################################
-#.PHONY: publish
-#publish:
-#	docker tag $(SODA_IMAGE_NAME) $(REMOTE_SODA_IMAGE_NAME)
-#	docker push $(REMOTE_SODA_IMAGE_NAME)
-#	docker image rm $(REMOTE_SODA_IMAGE_NAME)
-#	@echo "SODA_IMAGE_NAME        : "$(SODA_IMAGE_NAME)
-#	@echo "REMOTE_SODA_IMAGE_NAME : "$(REMOTE_SODA_IMAGE_NAME)
-###############################################################################
-
-
diff --git a/docker/example-compose.yaml b/docker/example-compose.yaml
index ef7e07e1160ea461ee047cf3470fc7f35937d0ed..17f099829f91cf2c84271bbeb4e10d289de5490d 100644
--- a/docker/example-compose.yaml
+++ b/docker/example-compose.yaml
@@ -25,7 +25,7 @@ services:
       - DB_URI=jdbc:postgresql://vlkb-db:5432/vialactea
       - DB_USERNAME=vialactea
       - DB_PASSWORD=ia2vlkb
-      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_cutout
+      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/soda
 
 
 volumes:
diff --git a/docker/example-security/README.tex b/docker/example-security/README.tex
index 8352fe1208d9b48fa581a1efdf33eeffa4cd0cc1..ac7adc4d74e5ff9adfca194e38bd19ee7c81231d 100644
--- a/docker/example-security/README.tex
+++ b/docker/example-security/README.tex
@@ -2,30 +2,15 @@
 # notes on security:
 # set volume mapping in compose.yaml: security/ -> /etc/pki/tls/
 # configure port/SSL connector: (path is relative to the dir where compose.yaml is
-# * server-connector.xml : set tomcat connector with certificates
-#    -- ia2 needs SECTIGO
-#    -- iam needs self-signed keystore.jks
-# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)
-# FIXME implement *.properties and server-connector.xml by paramters
+# * server-connector.xml : set tomcat connector with certificates (ia2 needs SECTIGO)
+#
 
 
 
 #### Security
 # SSL-certificates are site-dependent and must be regularly updated:
-# vlkb-cutout expects them in /etc/pki/tls
-#
-# map volume: ./security:/etc/pki/tls:z,ro
+# vlkb-soda expects them in /etc/pki/tls
 #
-# ia2token: 
-#  auth.propeties
-#  authpolicy.properties
-#  server-connector.xml
-#  SECTIGO/*
+# map volume: ./security:/etc/pki/tls:ro
 #
-# iamtoken:
-#  iamtoken.properties
-#  server-connector.xml
-#  keystore.jks
-#
-
 
diff --git a/docker/example-security/garrtoken/keystore.jks b/docker/example-security/garrtoken/keystore.jks
deleted file mode 100644
index 57c469584925bdc3de5f6919123d67c5a3189560..0000000000000000000000000000000000000000
Binary files a/docker/example-security/garrtoken/keystore.jks and /dev/null differ
diff --git a/docker/example-security/garrtoken/neatoken.properties b/docker/example-security/garrtoken/neatoken.properties
deleted file mode 100644
index 839e15d714346acd080d3bc7474dc164e97a4af8..0000000000000000000000000000000000000000
--- a/docker/example-security/garrtoken/neatoken.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-
-# certificates endpoint
-jwks_url=
-
-# account created for the service
-resource_id=
-
-# username for non-authenticated requests
-non_authn_username=anonymous
-
diff --git a/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks b/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
deleted file mode 100644
index 02ca4500189bcdf839f61eb03958e8284c4c9205..0000000000000000000000000000000000000000
--- a/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-
diff --git a/docker/example-security/ia2token/auth.properties b/docker/example-security/ia2token/auth.properties
deleted file mode 100644
index c9c8aee27f0017b03a10a17896236eae4a93a018..0000000000000000000000000000000000000000
--- a/docker/example-security/ia2token/auth.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-rap_uri=https://sso.ia2.inaf.it/rap-ia2
-gms_uri=https://sso.ia2.inaf.it/gms
-client_id=vospace_ui_demo
-client_secret=VOSpaceDemo123
-
-groups_autoload=true
-store_state_on_login_endpoint=true
-scope=openid email profile read:rap
-
-allow_anonymous_access=true
diff --git a/docker/example-security/ia2token/authpolicy.properties b/docker/example-security/ia2token/authpolicy.properties
deleted file mode 100644
index d1d5756218a28b49df6e1f92a8828c9f62c24cac..0000000000000000000000000000000000000000
--- a/docker/example-security/ia2token/authpolicy.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# database for table with permissions
-db_uri=
-db_schema=
-db_user_name=
-db_password=
-
-
diff --git a/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it b/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
+++ /dev/null
@@ -1,11 +0,0 @@
-  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
-               maxThreads="150" SSLEnabled="true">
-         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
-                         certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
-                         certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-
diff --git a/docker/example-security/iamtoken/iamtoken.properties b/docker/example-security/iamtoken/iamtoken.properties
deleted file mode 100644
index d275d68bee277ed3450eee1349d4a3a2c48210dc..0000000000000000000000000000000000000000
--- a/docker/example-security/iamtoken/iamtoken.properties
+++ /dev/null
@@ -1,13 +0,0 @@
-
-# certificates endpoint
-#jwks_url=
-introspect=
-client_name=
-client_password=
-
-# account created for the service
-resource_id=
-
-# username for non-authenticated requests
-non_authn_username=anonymous
-
diff --git a/docker/example-security/iamtoken/keystore.jks b/docker/example-security/iamtoken/keystore.jks
deleted file mode 100644
index 57c469584925bdc3de5f6919123d67c5a3189560..0000000000000000000000000000000000000000
Binary files a/docker/example-security/iamtoken/keystore.jks and /dev/null differ
diff --git a/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks b/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks
deleted file mode 100644
index 02ca4500189bcdf839f61eb03958e8284c4c9205..0000000000000000000000000000000000000000
--- a/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-