
User Attributes; who, where, how many?

User Attributes; who, where, how many? Daan Broeder, TLA – MPI for Psycholinguistics. User attributes. Of course there is the model of separating authentication from authorization; of identity and attributes



  1. User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics

  2. User attributes
     • Of course there is the model of separating authentication from authorization; of identity and attributes
     • This does not mean that there should always be different organizations taking care of authentication and user attributes
     • In CLARIN AAI a user organization provides:
       • Authentication
       • Set of ‘real’ user attributes: mail, affiliation, …
       • attributes best left to the user organization
       • Traditional attributes as from eduPerson, schac

  3. Attributes for Communities
     • Specific attributes for research communities:
       • Signed the CoC
       • ‘trustworthy’ researcher
       • Research profile information
     • IdP providers within a community are not consistent and need compensation by a ‘community’ attribute store
       • Different interpretation of federation requirements
       • (Different interpretation of) legalities
       • Sheer confusion
     • Unlikely these attributes find a place in the user’s home organization’s IdP
     • So external attribute provider under control of a community organization?
     • How does this scale?

  4. Attributes for research collaborations
     • When researchers collaborate we facilitate this by specific roles. Suppose we have a collaboration ‘A’
       • GroupA_rw_user -> user_d, user_e, user_f
       • GroupA_ro_user -> user_g, user_h
       • GroupA_manager -> user_f
     • Roles give access to data and services
     • Collaborations can be interdisciplinary if these user attributes are made available to the different communities
     • But where to store them
       • National science organizations?
       • International embedding?

  5. Attributes for authorization
     • We can grant access based on ‘standard’ attributes as ‘affiliation’ or ‘o’ or
     • … grant access on the basis of eduPersonEntitlement
       • Does not scale in a federation
       • MPG-AAI: security/privacy issues
       • would need special attributes as:
         • rw_access_to_datasetA
         • unlimited_access_serviceC
     • push for special (central) auth. attribute providers that are available from different SPs to cater for replicated data and services
     • Concern about governance of these attribute providers
     • Community data centers like to be in charge
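
The role model from slides 4 and 5, sketched in Python as an added example that is not part of the original presentation: an SP merges attributes from three sources and derives access from the collaboration ‘A’ roles. The source names, the per-source filter, the role-to-action mapping and the CoC gate are assumptions made for illustration.

```python
# Added example; all data below is constructed.
# Assumed policy: each attribute is accepted only from its governing source.
AUTHORITATIVE = {
    "home_org": {"mail", "affiliation"},   # 'real' user attributes
    "community": {"coc_signed"},           # community attribute store
    "collaboration": {"roles"},            # collaboration role store
}
# Collaboration 'A' membership as listed on the slide.
GROUP_A = {
    "GroupA_rw_user": {"user_d", "user_e", "user_f"},
    "GroupA_ro_user": {"user_g", "user_h"},
    "GroupA_manager": {"user_f"},
}
# Assumed mapping from role to permitted actions on collaboration A's data.
ROLE_ACTIONS = {
    "GroupA_rw_user": {"read", "write"},
    "GroupA_ro_user": {"read"},
    "GroupA_manager": {"read", "write", "manage"},
}

def roles_for(user):
    """Roles the collaboration store would release for this user."""
    return {role for role, members in GROUP_A.items() if user in members}

def aggregate(assertions):
    """Merge per-source attributes; reject any a source does not govern."""
    merged, rejected = {}, []
    for source, attrs in assertions.items():
        for name, value in attrs.items():
            if name in AUTHORITATIVE.get(source, set()):
                merged[name] = value
            else:
                rejected.append((source, name))
    return merged, rejected

def authorize(assertions, action):
    """Return (allowed, rejected_attributes) for one request."""
    attrs, rejected = aggregate(assertions)
    if not attrs.get("coc_signed"):        # assumed gate: CoC must be signed
        return False, rejected
    allowed = set()
    for role in attrs.get("roles", ()):
        allowed |= ROLE_ACTIONS.get(role, set())
    return action in allowed, rejected

def sample(user, home_extra=None):
    """Constructed assertions as the three sources might release them."""
    home = {"mail": f"{user}@example.org", "affiliation": "member", **(home_extra or {})}
    return {"home_org": home, "community": {"coc_signed": True},
            "collaboration": {"roles": roles_for(user)}}
```

The rejected list is worth logging at the SP: a source asserting an attribute it does not govern is the governance problem slide 5 raises, made visible.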

  6. attribute sources
     [Diagram. Labels: research community; community attributes; home org. attributes; attributes. Scale markers: 10^6, 10^4, 10^2]

  7. e-infra context
     [Diagram. Labels: DASISH; common SSH metadata catalog; CLARIN LT web service infrastructure; replication & preservation; community specific; SSH communities wide - DASISH; PID services – EPIC; Data Preservation – EUDAT; Network Services - GEANT; CLARIN; DARIAH; CESSDA; Life Watch; Federated Identity Management]
