Authorisation Requirements: A Data Centre Perspective - PowerPoint PPT Presentation

1 / 19

About This Presentation

Title:

Authorisation Requirements: A Data Centre Perspective

Description:

(with thanks to Sandy Shaw & Alison Bayley. and apologies to Sean Dunn & Terry Morrow) ... initially conceived for NISS services, adapted for BIDS ISI, then ... – PowerPoint PPT presentation

Number of Views:38

Avg rating:3.0/5.0

Slides: 20

Provided by: claudia86

Category:

more less

Transcript and Presenter's Notes

Title: Authorisation Requirements: A Data Centre Perspective

1
Authorisation Requirements A Data Centre
Perspective

Peter Burnhill
EDINA - a JISC Data Centre
(with thanks to Sandy Shaw Alison Bayley
and apologies to Sean Dunn Terry Morrow)

2
History

Each data centre developed own procedures
JIGGLE Project recommends common scheme of
registration IDs
Development of Athens
initially conceived for NISS services, adapted
for BIDS ISI, then adopted as JISC-funded central
service to HEIs
Data centres move to 'Athens-compliance' for
access to national services
Tension between 'group' 'individual' accounts
and requirements of HEIs and service providers
Decision to form JCAS and develop SPARTA

3
Continuing issues

1. Demands of DNER/inter-operability
ease move of end-users along DiscoverLocateReque
stAccess chain
2. Review of security and authentication
JISC fund 'Scoping Study on Authentication'
(S.Shaw)
3. Authorisation ('Licencing') as discrete
problem
Assoc. of Subsc. Agents consider series of
proposals for sharing information on Licence
Status ('Authorisation')

4
Information on Agreements about Journals is
authoritatively held by those who act as
Subscription Agents
Institution
Journal
Agreement
Subscription Agent
5
1. DNER Interoperability

model of end-user behaviour
Discover (existence of resource)
Locate (existence of service on resource)
Request
by privilege of institutional ( other)
membership
Access
by types of user, for types of uses
model of service provision
portals brokers
service delivery organisations
special demands of inter-operability

6
2. Basic security model

The Source of Authority for authentication is the
users institution
membership status
The Source of Authority for authorisation is the
licensing authority for the service/resource
licence status
A potential user must satisfy both authentication
and authorisation conditions in order to gain
access to a licensed DNER service/resource.

7
3. Authorisation Rights Services

Rights Holders may grant rights (via Licensing
Authority) to
Play/View Copy/Download Amend/Combine
Re-distribute
Re-sell Rights on above
Individuals seek licensed services, by virtue of
payment of money
privilege of membership
Service organisations require licenses in order
to offer services to customers (Institutions)
Institutions require licenses in order to allow
certain types of use by their members
students members or customers?

8
Source of Authority about Agreements is a
designated Licencing Authority
Institution
Resource
Licence
Licensing Authority
9
Data Centes

What they are
What they do
What they want

10
What are (JISC) Data Centres?

BIDS, EDINA MIMAS
bricks in the wall of the UK virtual library
What do they do?
'common services' for UK FHE on licensed
resources
A special class of data service provider
other JISC-designated DSPs
other non-JISC DSPs

11
What do (JISC) Data Centres want?

High regard as 'trusted third parties'
by rights-holders, funding bodies, subscribers,
end-users
Assurance that a given user has sufficient
authority to make use of a given service
Facilities to do what is asked of them
monitoring reporting usage
subscriber profiling
end-user profiling

12
Data Centre Rôles

1. Content delivery agent
responsibility for verifying authentication and
authorisation with external authorities
no responsibility for maintaining that
information
2. Licensing authority
responsibility for issuing licences and acting as
the source of authority on licence status for the
resource.
BIDS (as ingenta), EDINA MIMAS have joined
Assoc. of Subscription Agents as Electronic
Intermediaries

13
Other overlapping rôles
14
Authentication

A user is authenticated as a member of an
institution by demonstrating the possession of
credentials granted by it.
How is this is currently demonstrated
IP address
ATHENS credentials
token exchange
individual registration

15
Authorisation

A user is authorised to use a resource if this
right has been indicated by the licensing
authority.
This is currently indicated through systems that
combine authorisation authentication
ATHENS registration
individual registration at service provider (that
also acts as licensing authority)

16
Authorisation (II)

Central problems include the appropriate copy,
and inter-operability requirements of 'portal'
operation.
Approaches
authorisation enquiry directed to publishers
sites
can DOI be used to address more than rights
originator?
use of licensing authority tables
use of licence records locally institution
will SFX do it all?
access by assertion, with post hoc validation
Shibboleth?
Sparta?

17
Data Centre concerns

Authentication that is practical for the wide
variety of institutions to administer
could some F/HEIs (continue to) contract out
Authentication?
Authorisation that does not attempt
authentication is fit for purpose
Systems that allow each Data Centre to carry out
roles
1. as data service provider
including access to information about subscribers
and end-users for profiling service refinement,
but scholar privacy data protection?
2. as licensor
managing authorisation data
Respect for confidentiality of business
information
usage statistics (MAU vs. Athens) licensing data