User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics.


1 User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics

2 User attributes
• Of course there is the model of separating authentication from authorization; of identity and attributes
• This does not mean that there should always be different organizations taking care of authentication and user attributes
• In CLARIN AAI a user organization provides:
  • Authentication
  • Set of ‘real’ user attributes: mail, affiliation, …
    • attributes best left to the user organization
    • Traditional attributes as from eduPerson, schac

3 Attributes for Communities
• Specific attributes for research communities:
  • Signed the CoC
  • ‘trustworthy’ researcher
  • Research profile information
• IdP providers within a community are not consistent and need compensation by a ‘community’ attribute store
  • Different interpretation of federation requirements
  • (Different interpretation of) legalities
  • Sheer confusion
• Unlikely these attributes find a place in the user’s home organization’s IdP
• So external attribute provider under control of a community organization?
• How does this scale?

4 Attributes for research collaborations
• When researchers collaborate we facilitate this by specific roles. Suppose we have a collaboration ‘A’
  • GroupA_rw_user -> user_d, user_e, user_f
  • GroupA_ro_user -> user_g, user_h
  • GroupA_manager -> user_f
• Roles give access to data and services
• Collaborations can be interdisciplinary if these user attributes are made available to the different communities
• But where to store them
  • National science organizations?
  • International embedding?

5 Attributes for authorization
• We can grant access based on ‘standard’ attributes as ‘affiliation’ or ‘o’ or
• … grant access on the basis of eduPersonEntitlement
  • Does not scale in a federation
  • MPG-AAI: security/privacy issues
  • would need special attributes as:
    • rw_access_to_datasetA
    • unlimited_access_serviceC
• push for special (central) auth. attribute providers that are available from different SPs to cater for replicated data and services
• Concern about governance of these attribute providers
  • Community data centers like to be in charge
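Added example, not part of the presentation: a sketch of how a service provider could combine home-organization attributes with the collaboration ‘A’ roles from slide 4, accepting each attribute only from the source responsible for it. The source names, the trust policy and the role-to-permission mapping are assumptions; only the GroupA_* roles and user_d … user_h come from the slides.

```python
# Added example: SP-side authorization over attributes from two sources.
HOME_ORG = "home_org"          # the user organization's IdP (assumed label)
COLLAB_STORE = "collab_store"  # hypothetical external attribute provider

# Collaboration 'A' role membership as listed on slide 4.
ROLE_MEMBERS = {
    "GroupA_rw_user": {"user_d", "user_e", "user_f"},
    "GroupA_ro_user": {"user_g", "user_h"},
    "GroupA_manager": {"user_f"},
}
# Assumed SP policy: which source may assert which attribute.
TRUSTED_SOURCE = {"mail": HOME_ORG, "affiliation": HOME_ORG,
                  "role": COLLAB_STORE}
# Assumed mapping from role to permissions on collaboration A's data.
ROLE_PERMS = {
    "GroupA_rw_user": {"read", "write"},
    "GroupA_ro_user": {"read"},
    "GroupA_manager": {"read", "write", "manage"},
}

def roles_from_store(user):
    """Roles the collaboration attribute store holds for this user."""
    return sorted(r for r, members in ROLE_MEMBERS.items() if user in members)

def merge_attributes(assertions):
    """Keep only values asserted by the source trusted for that attribute.
    assertions is a list of (source, name, value) tuples."""
    merged = {}
    for source, name, value in assertions:
        if TRUSTED_SOURCE.get(name) == source:
            merged.setdefault(name, set()).add(value)
    return merged

def permissions(user, idp_assertions):
    """Union of permissions granted by the user's accepted roles."""
    assertions = list(idp_assertions)
    assertions += [(COLLAB_STORE, "role", r) for r in roles_from_store(user)]
    attrs = merge_attributes(assertions)
    perms = set()
    for role in attrs.get("role", ()):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def is_allowed(user, idp_assertions, action):
    return action in permissions(user, idp_assertions)

if __name__ == "__main__":
    # Constructed input: the home IdP asserts a role it is not trusted for.
    forged = [(HOME_ORG, "role", "GroupA_manager")]
    print(sorted(permissions("user_g", forged)))
    print(sorted(permissions("user_f", [(HOME_ORG, "affiliation", "staff")])))
```

A role value arriving from the home organization is dropped, so user_g stays read-only even when that IdP claims GroupA_manager for them.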

6 attribute sources
[Figure: attribute sources, labelled home org., community attributes and research attributes, against a scale of 10^2, 10^4, 10^6]

7 e-infra context
[Diagram: CLARIN, DARIAH, CESSDA, Life Watch, DASISH]
• community specific: CLARIN LT web service infrastructure
• SSH communities wide - DASISH: common SSH metadata catalog
• PID services – EPIC
• Data Preservation – EUDAT: replication & preservation
• NETWORK Services - GEANT: Federated Identity Management
