User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics
User attributes
- Of course there is the model of separating authentication from authorization; of identity and attributes
- This does not mean that there should always be different organizations taking care of authentication and user attributes
- In CLARIN AAI a user organization provides:
  - Authentication
  - Set of ‘real’ user attributes: mail, affiliation, …
  - attributes best left to the user organization
  - Traditional attributes as from eduPerson, schac
Attributes for Communities
- Specific attributes for research communities:
  - Signed the CoC
  - ‘trustworthy’ researcher
  - Research profile information
- IdP providers within a community are not consistent and need compensation by a ‘community’ attribute store
  - Different interpretation of federation requirements
  - (Different interpretation of) legalities
  - Sheer confusion
- Unlikely these attributes find a place in the user’s home organization’s IdP
- So external attribute provider under control of a community organization?
- How does this scale?
Attributes for research collaborations
- When researchers collaborate we facilitate this by specific roles.
- Suppose we have a collaboration ‘A’
  - GroupA_rw_user -> user_d, user_e, user_f
  - GroupA_ro_user -> user_g, user_h
  - GroupA_manager -> user_f
- Roles give access to data and services
- Collaborations can be interdisciplinary if these user attributes are made available to the different communities
- But where to store them
  - National science organizations?
  - International embedding?
Attributes for authorization
- We can grant access based on ‘standard’ attributes as ‘affiliation’ or ‘o’ or …
- grant access on the basis of eduPersonEntitlement
- Does not scale in a federation
- MPG-AAI: security/privacy issues
- would need special attributes as:
  - rw_access_to_datasetA
  - unlimited_access_serviceC
- push for special (central) auth. attribute providers that are available from different SPs to cater for replicated data and services
- Concern about governance of these attribute providers
- Community data centers like to be in charge
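The role groups for collaboration ‘A’ and the governance concern about attribute providers can be combined in one service-provider check: each attribute is accepted only from the source that is authoritative for it. This is an added example, not part of the presentation; the source names, the `role` attribute name, the resource `datasetA` and the permissions attached to each role are assumptions.

```python
# Added example; source names, attribute names and permissions are hypothetical.
# Which attribute names each source is trusted to assert.
TRUSTED = {
    "home-idp": {"mail", "affiliation"},
    "collabA-attribute-provider": {"role"},
}
# A collaboration's attribute provider may only assert its own role groups.
ROLE_SCOPE = {"collabA-attribute-provider": "GroupA_"}
# Role groups from the slide; the permissions on "datasetA" are assumed.
ROLE_PERMISSIONS = {
    "GroupA_rw_user": {("datasetA", "read"), ("datasetA", "write")},
    "GroupA_ro_user": {("datasetA", "read")},
    "GroupA_manager": {("datasetA", "manage")},
}

def accepted_attributes(assertions):
    """Merge (source, attributes) pairs, dropping values from non-authoritative sources."""
    merged = {}
    for source, attrs in assertions:
        allowed = TRUSTED.get(source, set())
        for name, values in attrs.items():
            if name not in allowed:
                continue  # source is not authoritative for this attribute
            if name == "role":
                prefix = ROLE_SCOPE.get(source, "")
                values = [v for v in values if prefix and v.startswith(prefix)]
            merged.setdefault(name, set()).update(values)
    return merged

def is_authorized(assertions, resource, action):
    """Grant access only through roles that survived source filtering."""
    roles = accepted_attributes(assertions).get("role", set())
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in roles)

# Constructed sample input: attributes as received by a service provider.
USER_F = [
    ("home-idp", {"mail": ["user_f@example.org"], "affiliation": ["staff"]}),
    ("collabA-attribute-provider", {"role": ["GroupA_rw_user", "GroupA_manager"]}),
]
USER_G = [
    ("home-idp", {"mail": ["user_g@example.org"], "affiliation": ["student"]}),
    ("collabA-attribute-provider", {"role": ["GroupA_ro_user"]}),
]
# A role arriving from the home organization is ignored, not merged.
MISROUTED = [("home-idp", {"mail": ["user_x@example.org"], "role": ["GroupA_rw_user"]})]

if __name__ == "__main__":
    for label, a in (("user_f", USER_F), ("user_g", USER_G), ("misrouted", MISROUTED)):
        print(label, is_authorized(a, "datasetA", "write"))
```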
[Figure: attribute sources. Labels: home org., community attributes, community research attributes; scale marks 10^2, 10^4, 10^6]
[Figure: e-infra context. Labels: NETWORK Services - GEANT; Federated Identity Management; Data Preservation – EUDAT replication & preservation; PID services – EPIC; SSH communities wide - DASISH common SSH metadata catalog; community specific; CLARIN LT web service infrastructure; CLARIN, DARIAH, CESSDA, Life Watch, DASISH]