Project

General

Profile

Requirement #762

(Requirement) User identities can be derived from existing institutional directory services

Added by Matthew Jones over 11 years ago. Updated about 11 years ago.

Status:
New
Priority:
High
Assignee:
Category:
Requirement
Target version:
-
Start date:
Due date:
% Done:

0%


Description

Many existing directory services are in use in the environmental sciences, and participating member nodes should be able to expose their directories through a standardized mechanism to allow users to make use of existing identities. For example, the KNB LDAP server is a federation of multiple LDAP systems from around the world, and these identities have been used in access rules for many existing objects.Rationale: Re-use of existing infrastructure reduces cost of participation and minimizes confusion over which accounts to use and which rules are associated with what account.

Fit Criteria

  • The system provides a mechanism for exsiting directory services to join * The system provides a namespacing mechanism to differentiate users with the same id in different original directories (e.g., mjones@LTER, mjones@UCNRS)
  • The same email address can be associated with multiple identities
  • The same person or system can possess multiple identities
  • If a user has multiple identities, the user can express equivalence rules that indicate that they are linked, equivalent identities for the purposes of authentication and authorization

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)