Access Management and Security WG
Andrew Cormack, Chief Regulatory Adviser, Janet (@Janet_LegReg)

Unofficial high level aims
With thanks to David F:
• Identify common requirements
• Reuse existing stuff where we can
• Guide development of new stuff where efficient
• Use “specials” when needed

Common user life-cycle?
[Diagram; stage labels: This is me / Here’s my team / Use service / May I use?]

Delegated Authentication
[Diagram; labels:]
• If needed, link ‘me’ to #ID# etc.
• Linked account
• Login
• If needed & available, get 3rd party validation
• Authenticated as #ID#
• Authentication policy promises
• e.g. Policy enforcement
• e.g. Revocation time
• e.g. Credential strength

Authentication policy
• Probably common to many e-Infrastructures
• Need to agree it with organisation you’re delegating to
• Easiest if they’re doing it already
• Otherwise need to persuade them it’s worth it
• HE employers can probably already provide
• Persistent identifier + accountability when required
• Unique, opaque, identifier
• Authenticated by username/password
• Revoked when person leaves
• Hold person accountable for reported policy breaches
• Getting more likely to need individual negotiations
• How many organisations do users belong to?
• Do you have users with no organisation?
• How many different policies do we need?

Other Policies
• Infrastructure Policy
• Who uses this infrastructure, for what
• Probably unique to each infrastructure
• May have common headings?
• Data Policy
• Who uses this dataset, for what
• Includes regulatory, ethical, commercial issues
• May be common to a discipline
• But maybe unique to the dataset

Other possible areas of WG interest
• Workflow
• Maybe orthogonal to initial AuthN/AuthZ?
• Group management/authorisation tools
• Citizen scientists (and other homeless users)
• Social login? Part of group management? Other?
• Secure operations etc.
• Sharing experiences of all of these

Questions
• Is this picture wrong?
• Do you need more than basic delegated authentication?
• What sources of authentication do you need?
• Is delegated group management needed?
• Can you provide/develop infrastructure & data policies?
• What’s missing?