JIRA Issue

[#XCI-502] Review of AARC's Guidelines for scalable and consistent authorisation across multi-SP environments" (AARC-G027)
Participate in AARC Engagement Group for Infrastructures (AEGIS) (XCI-256)

[XCI-502] Review of AARC's Guidelines for scalable and consistent authorisation across multi-SP environments" (AARC-G027) Created: 11/06/2018  Updated: 01/07/2020

Status: Cancelled
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: None

Type: Sub-task Priority: Minor
Reporter: Jim Basney Assignee: Jim Basney
Resolution: Unresolved Votes: 0

Attachments: PDF File AARC-G027 - Guidelines for scalable and consistent authorisation across multi-SP environments.pdf    
XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-502
Track status in meeting: no

 Description   

The purpose of this document is to guide infrastructures in the efficient implementation of the access restrictions that are required by the individual communities and e-Infrastructures. The guidelines are given within the setting of the AARC BPA. In this scenario, user communities make use of an SP-IdP-Proxy (including Attribute management). The users are given access to resources (end services) via infrastructure SP-IdP-Proxies. The given guidelines address two different topics. One is about providing an interoperable schema to use for expressing authorisation information. This is an extension of the recommendations provided in AARC-G002 - Expressing group membership and role information. The other topic concerns the organisational architecture for conveying authorisation information. Guidelines in this latter area are derived from the more detailed Deliverable DJRA1.2 on authorisation models.



 Comments   

There are comments for XCI-502 that can be viewed with XSEDE authentication.