Authorisation Requirements: A Data Centre Perspective - PowerPoint PPT Presentation

About This Presentation
Title:

Authorisation Requirements: A Data Centre Perspective

Description:

(with thanks to Sandy Shaw & Alison Bayley. and apologies to Sean Dunn & Terry Morrow) ... initially conceived for NISS services, adapted for BIDS ISI, then ... – PowerPoint PPT presentation

Slides: 20
Provided by: claudia86

Transcript and Presenter's Notes

1
Authorisation Requirements: A Data Centre Perspective
  • Peter Burnhill
  • EDINA - a JISC Data Centre
  • (with thanks to Sandy Shaw & Alison Bayley
    and apologies to Sean Dunn & Terry Morrow)

2
History
  • Each data centre developed its own procedures
  • JIGGLE Project recommends a common scheme of
    registration IDs
  • Development of Athens
    • initially conceived for NISS services, adapted
      for BIDS ISI, then adopted as a JISC-funded central
      service to HEIs
  • Data centres move to 'Athens-compliance' for
    access to national services
  • Tension between 'group' & 'individual' accounts
    and the requirements of HEIs and service providers
  • Decision to form JCAS and develop SPARTA

3
Continuing issues
  • 1. Demands of DNER/inter-operability
    • ease the movement of end-users along the
      Discover-Locate-Request-Access chain
  • 2. Review of security and authentication
    • JISC funds 'Scoping Study on Authentication'
      (S. Shaw)
  • 3. Authorisation ('Licensing') as a discrete
    problem
    • Assoc. of Subscription Agents considers a series of
      proposals for sharing information on Licence
      Status ('Authorisation')

4
Information on Agreements about Journals is
authoritatively held by those who act as
Subscription Agents
[Diagram: Institution, Journal, Agreement, Subscription Agent]

5
1. DNER Interoperability
  • model of end-user behaviour
    • Discover (existence of resource)
    • Locate (existence of service on resource)
    • Request
      • by privilege of institutional (& other)
        membership
    • Access
      • by types of user, for types of uses
  • model of service provision
    • portals & brokers
    • service delivery organisations
  • special demands of inter-operability

6
2. Basic security model
  • The Source of Authority for authentication is the
    user's institution
    • membership status
  • The Source of Authority for authorisation is the
    licensing authority for the service/resource
    • licence status
  • A potential user must satisfy both authentication
    and authorisation conditions in order to gain
    access to a licensed DNER service/resource.

7
3. Authorisation Rights Services
  • Rights Holders may grant rights (via Licensing
    Authority) to
    • Play/View, Copy/Download, Amend/Combine,
      Re-distribute
    • Re-sell, Rights on above
  • Individuals seek licensed services, by virtue of
    • payment of money
    • privilege of membership
  • Service organisations require licences in order
    to offer services to customers (Institutions)
  • Institutions require licences in order to allow
    certain types of use by their members
    • students: members or customers?
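The two-authority model of slides 6 and 7 (the institution as source of authority for authentication, the licensing authority as source of authority for authorisation, and the data centre checking both without maintaining either), written out as an added Python example that is not part of the presentation. Institution, resource and user names are constructed, and the rights vocabulary is a simplified form of the slide 7 categories.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class MembershipAssertion:
    """Issued by the user's institution: the source of authority for authentication."""
    user_id: str
    institution: str
    member_type: str     # e.g. "student" or "staff"
    expires: datetime    # credentials must expire, as the slide 19 wish list asks

@dataclass(frozen=True)
class Licence:
    """Held by the licensing authority: the source of authority for authorisation."""
    institution: str
    resource: str
    rights: frozenset        # simplified slide 7 categories, e.g. {"view", "download"}
    member_types: frozenset  # which kinds of member the licence covers
    expires: datetime

def licence_status(licences, institution, resource, now):
    """Licensing-authority lookup: the current licence for this pair, or None."""
    for lic in licences:
        if (lic.institution, lic.resource) == (institution, resource) and lic.expires > now:
            return lic
    return None

def decide(assertion, licences, resource, right, now):
    """Data centre as content-delivery agent: verifies both conditions, maintains neither."""
    if assertion.expires <= now:
        return False, "authentication: institutional credential expired"
    lic = licence_status(licences, assertion.institution, resource, now)
    if lic is None:
        return False, "authorisation: no current licence for this institution"
    if assertion.member_type not in lic.member_types:
        return False, "authorisation: member type not covered by licence"
    if right not in lic.rights:
        return False, f"authorisation: right '{right}' not granted"
    return True, "access granted"

# Constructed sample data; institution, resource and user names are hypothetical.
def ts(y, m, d): return datetime(y, m, d, tzinfo=timezone.utc)

NOW = ts(2001, 6, 1)
LICENCES = [
    Licence("uni-a", "journal-x", frozenset({"view", "download"}), frozenset({"student", "staff"}), ts(2001, 12, 31)),
    Licence("uni-b", "journal-x", frozenset({"view"}), frozenset({"staff"}), ts(2000, 12, 31)),  # lapsed licence
]
ALICE = MembershipAssertion("alice", "uni-a", "student", ts(2002, 1, 1))
BOB = MembershipAssertion("bob", "uni-b", "staff", ts(2002, 1, 1))
```

Each refusal names which authority's condition failed, which is what a content-delivery agent that owns neither record can usefully report back.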

8
Source of Authority about Agreements is a
designated Licensing Authority
[Diagram: Institution, Resource, Licence, Licensing Authority]

9
Data Centres
  • What they are
  • What they do
  • What they want

10
What are (JISC) Data Centres?
  • BIDS, EDINA & MIMAS
    • bricks in the wall of the UK virtual library
  • What do they do?
    • 'common services' for UK FHE on licensed
      resources
  • A special class of data service provider
    • other JISC-designated DSPs
    • other non-JISC DSPs

11
What do (JISC) Data Centres want?
  • High regard as 'trusted third parties'
    • by rights-holders, funding bodies, subscribers,
      end-users
  • Assurance that a given user has sufficient
    authority to make use of a given service
  • Facilities to do what is asked of them
    • monitoring & reporting usage
    • subscriber profiling
    • end-user profiling

12
Data Centre Rôles
  • 1. Content delivery agent
    • responsibility for verifying authentication and
      authorisation with external authorities
    • no responsibility for maintaining that
      information
  • 2. Licensing authority
    • responsibility for issuing licences and acting as
      the source of authority on licence status for the
      resource.
  • BIDS (as ingenta), EDINA & MIMAS have joined the
    Assoc. of Subscription Agents as Electronic
    Intermediaries

13
Other overlapping rôles

14
Authentication
  • A user is authenticated as a member of an
    institution by demonstrating possession of
    credentials granted by it.
  • How is this currently demonstrated?
    • IP address
    • ATHENS credentials
    • token exchange
    • individual registration

15
Authorisation
  • A user is authorised to use a resource if this
    right has been indicated by the licensing
    authority.
  • This is currently indicated through systems that
    combine authorisation & authentication
    • ATHENS registration
    • individual registration at service provider (that
      also acts as licensing authority)

16
Authorisation (II)
  • Central problems include the appropriate copy,
    and the inter-operability requirements of 'portal'
    operation.
  • Approaches
    • authorisation enquiry directed to publishers'
      sites
      • can DOI be used to address more than the rights
        originator?
    • use of licensing authority tables
    • use of licence records held locally at the institution
    • will SFX do it all?
    • access by assertion, with post hoc validation
      • Shibboleth?
      • Sparta?

17
Data Centre concerns
  • Authentication that is practical for the wide
    variety of institutions to administer
    • could some F/HEIs (continue to) contract out
      Authentication?
  • Authorisation that does not attempt
    authentication is fit for purpose
  • Systems that allow each Data Centre to carry out
    its roles
    • 1. as data service provider
      • including access to information about subscribers
        and end-users for profiling & service refinement,
        but scholar privacy & data protection?
    • 2. as licensor
      • managing authorisation data
  • Respect for confidentiality of business
    information
    • usage statistics (MAU vs. Athens) & licensing data

18
Wish list for SPARTA
  • A trust model that takes account of
    • the existence of multiple service organisations
      • and the special role of JISC Data Service
        Providers
    • the existence of multiple licensing authorities.
  • Transparent separation of function.
  • Devolution of responsibility
    • for authentication, to each institution
    • for authorisation, to each licensing authority.
  • Standards-based flexibility
    • in how each institution & licensing authority
      acquits its responsibility
    • in choice of technologies.

19
Wish for a model that allows
  • Introduction of new underlying technologies.
  • Integration with commercial services.
  • Simplicity in operation.
  • Commensurate security
    • remove temptation to publish credentials
    • assure expiry of credentials
    • assure identification of individuals
    • confidentiality, not anonymity.
  • A pragmatic migration strategy.