This discussion explores the complexities of managing user authentication and authorization in research collaborations within the CLARIN infrastructure. It emphasizes the need for coherent user attribute provisioning and the challenges faced due to varying interpretations of federation requirements and legalities. The presentation will cover how community-based attribute stores can enhance collaboration among researchers, facilitate interdisciplinary access, and address security and privacy issues. Furthermore, it highlights the need for governance of attribute providers to streamline user identity management.
User Attributes; who, where, how many?
Daan Broeder, TLA – MPI for Psycholinguistics
User attributes
• Of course there is the model of separating authentication from authorization; of identity and attributes
• This does not mean that there should always be different organizations taking care of authentication and user attributes
• In CLARIN AAI a user organization provides:
  • Authentication
  • A set of ‘real’ user attributes: mail, affiliation, …
    • These attributes are best left to the user organization
    • Traditional attributes as in eduPerson, schac
Attributes for Communities
• Specific attributes for research communities:
  • Signed the CoC
  • ‘Trustworthy’ researcher
  • Research profile information
• IdP providers within a community are not consistent and need compensation by a ‘community’ attribute store
  • Different interpretation of federation requirements
  • (Different interpretation of) legalities
  • Sheer confusion
• Unlikely these attributes find a place in the user’s home organization’s IdP
• So an external attribute provider under control of a community organization?
• How does this scale?
Attributes for research collaborations
• When researchers collaborate we facilitate this by specific roles. Suppose we have a collaboration ‘A’:
  • GroupA_rw_user -> user_d, user_e, user_f
  • GroupA_ro_user -> user_g, user_h
  • GroupA_manager -> user_f
• Roles give access to data and services
• Collaborations can be interdisciplinary if these user attributes are made available to the different communities
• But where to store them?
  • National science organizations?
  • International embedding?
Attributes for authorization
• We can grant access based on ‘standard’ attributes such as ‘affiliation’ or ‘o’, or …
• … grant access on the basis of eduPersonEntitlement
  • Does not scale in a federation
  • MPG-AAI: security/privacy issues
• Would need special attributes such as:
  • rw_access_to_datasetA
  • unlimited_access_serviceC
• Push for special (central) authorization attribute providers that are available from different SPs to cater for replicated data and services
• Concern about governance of these attribute providers
  • Community data centers like to be in charge
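As an added example (not from the slides), the three attribute sources the talk distinguishes are combined for collaboration ‘A’ and checked against the special entitlements named above: home-organization IdP attributes, a community attribute store (CoC signed, trustworthy researcher) and collaboration roles. Every user, attribute value and policy rule here is constructed for illustration.

```python
# Added example: minimal attribute aggregation and authorization for collaboration 'A'.
# All data below is constructed; real deployments carry these as SAML assertions and
# usually encode eduPersonEntitlement values as URIs rather than the short names used here.

HOME_ORG_IDP = {  # 'real' attributes, best left to the home organization (eduPerson)
    "user_f": {"mail": "f@example.org", "eduPersonAffiliation": ["member", "faculty"]},
    "user_g": {"mail": "g@example.org", "eduPersonAffiliation": ["student"]},
}
COMMUNITY_STORE = {  # community attribute store compensating for inconsistent IdPs
    "user_f": {"coc_signed": True, "trusted_researcher": True},
    "user_g": {"coc_signed": True, "trusted_researcher": False},
}
COLLAB_ROLES = {  # collaboration 'A' roles as listed on the slide
    "GroupA_rw_user": {"user_d", "user_e", "user_f"},
    "GroupA_ro_user": {"user_g", "user_h"},
    "GroupA_manager": {"user_f"},
}
ROLE_ENTITLEMENTS = {  # role -> entitlement values issued as eduPersonEntitlement
    "GroupA_rw_user": {"rw_access_to_datasetA"},
    "GroupA_ro_user": {"ro_access_to_datasetA"},
    "GroupA_manager": {"rw_access_to_datasetA", "manage_groupA"},
}


def aggregate(user):
    """Merge the three sources into one attribute set; later sources override earlier ones."""
    attrs = dict(HOME_ORG_IDP.get(user, {}))
    attrs.update(COMMUNITY_STORE.get(user, {}))
    entitlements = set()
    for role, members in COLLAB_ROLES.items():
        if user in members:
            entitlements |= ROLE_ENTITLEMENTS[role]
    attrs["eduPersonEntitlement"] = sorted(entitlements)
    return attrs


def authorize(user, needed):
    """Constructed SP policy: CoC signature required for anything; write access also
    requires the community's 'trusted researcher' flag; then the entitlement must match.
    A user known only to the collaboration (e.g. user_d) is refused because the
    community attributes are missing, which is the gap the talk's attribute store fills."""
    attrs = aggregate(user)
    if not attrs.get("coc_signed"):
        return False
    if needed.startswith("rw_") and not attrs.get("trusted_researcher"):
        return False
    return needed in attrs["eduPersonEntitlement"]
```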
[Diagram: attribute sources – home organization attributes, community attributes and research-community attributes, with the approximate number of attributes at each level given as 10^6, 10^4 and 10^2.]
[Diagram: e-infra context – DASISH common SSH metadata catalog; CLARIN LT web service infrastructure; replication & preservation; community-specific and SSH-communities-wide layers (DASISH); PID services – EPIC; Data Preservation – EUDAT; Network Services – GÉANT; CLARIN, DARIAH, CESSDA, Life Watch; Federated Identity Management.]