Promote the use of scalable authentication and authorisation mechanisms by research data providers

From GRDI2020

This is a GRDI recommendation; return to Main Page with all the challenges or to recommendations

Context and Challenges

Today, most research data providers either offer unauthenticated access or maintain their own user management. Both approaches have drawbacks. Unauthenticated access limits the kind of data that can be offered to consumers and does not allow access to the data to be audited. Maintaining one's own user management, on the other hand, tends to require a high maintenance effort if done properly. In addition, it is rather inconvenient for users, who have to keep track of many different credentials.

Meanwhile, many European nations either have built or are building national authentication and authorization infrastructures (AAI). One key element of these infrastructures is that the user's employing institution performs the user authentication. The employing institution is the “natural” institution to authenticate the user, as it is best suited to keep track of the user's status (even if only because of the user's salary). However, there is normally no trust relation between the research data provider and the employing institution, and/or the security frameworks of these two parties are not interoperable. Furthermore, it should be acknowledged that it is unlikely that all service providers will enter one big trusted domain, and therefore the focus should be on bridging different trust domains.

Recommendation

Promote the interoperability of national authentication and authorization infrastructure and research data providers by bridging different trust domains.

Stakeholders and Impact

  • Research data providers should aim to capitalize on the authentication mechanisms provided by the user’s employing institution and mediated through national authorization and authentication infrastructures. This provides a scalable authentication system and frees the data provider from user management duties.
  • National authentication and authorization systems should accelerate their interoperability with research data service providers at the European level.
  • Policy makers should promote policies bridging trust domains between data providers and national AAIs.
  • Software providers should develop services and frameworks that allow transforming user security tokens between different trust domains.