Identity and access management for complex research data workflows
Identity and Access Management (IAM) infrastructures already provide a crucial and established technology, enabling researchers and students to access services such as computing facilities and electronic resources. However, the rise of complex and fully digitalized scientific workflows, world-wide research cooperations, and the reliance on external services and data sources poses new challenges to IAM architectures and their federations. Because such services are not uniformly structured, each service provider implements its own access and security policy. As a result of license restrictions or privacy concerns, a user has to be authenticated and authorized by different entities in different contexts and roles to access complex research data, i.e. to request a digital object as well as appropriate processing tools and a rendering environment. In order to enable seamless scientific workflows, an efficient federated IAM architecture is required. In this paper we discuss the use case of functional research data preservation and the requirements for a common authentication and authorization scheme. The goal is to develop a security architecture that allows the user to log in only once, e.g. at his or her university library, after which the Identity Management (IdM) system delegates the user's request to the related service providers. All these entities need to interact with and on behalf of the user without the user having to enter his or her credentials at every point. The results of this work are particularly useful when facing upcoming challenges in securing and managing access to non-uniform and inhomogeneous cloud services and external data sources as a basis for today's scientific workflows and electronic business processes.
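The single-login, delegated-access flow described in the abstract, as an added illustration that is not code from the paper or its authors: a constructed identity provider signs an audience-restricted assertion after the user's one login at the library, and each downstream service provider (processing, rendering) verifies signature, audience, expiry and its own required role before acting on the user's behalf. The shared HMAC key, the service names `library`/`processing`/`rendering`, the role policy and the user directory are all assumptions made for the demo; a real federation would use asymmetric signatures and an actual credential check at login.

```python
"""Constructed demo of single login plus token-based delegation across a
small federation of service providers (SPs). Not the paper's own design."""
import base64
import binascii
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the IdP and all SPs. A real federation would
# publish IdP signing keys and use asymmetric signatures instead.
IDP_KEY = b"constructed-demo-idp-key"

# Constructed per-SP policy: the role a user must hold to be served there
# ("different entities in different contexts and roles").
SP_POLICY = {"library": "reader", "processing": "compute", "rendering": "viewer"}

# Constructed user directory. bob lacks the processing role, standing in for a
# license restriction that blocks part of the workflow.
USER_ROLES = {
    "alice": {"library": {"reader"}, "processing": {"compute"}, "rendering": {"viewer"}},
    "bob": {"library": {"reader"}},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: bytes) -> str:
    return _b64(hmac.new(IDP_KEY, body, hashlib.sha256).digest())


def issue_token(subject, audience, roles, ttl=300, actors=(), now=None):
    """IdP: mint an assertion addressed to one SP, carrying the roles the
    subject holds there and the chain of services already acting for them."""
    now = time.time() if now is None else now
    claims = {
        "sub": subject,
        "iss": "idp.example",  # constructed issuer name
        "aud": audience,
        "roles": sorted(roles),
        "act": list(actors),  # delegation chain; empty for direct user access
        "iat": now,
        "exp": now + ttl,
    }
    body = json.dumps(claims, sort_keys=True).encode()
    return _b64(body) + "." + _sign(body)


def verify_token(token, audience, now=None):
    """SP: check signature, audience, expiry and this SP's required role.
    Returns (claims, None) on success or (None, reason) on rejection."""
    now = time.time() if now is None else now
    try:
        body_b64, sig = token.split(".")
        body = _unb64(body_b64)
    except (ValueError, binascii.Error):
        return None, "malformed"
    if not hmac.compare_digest(_sign(body), sig):
        return None, "bad signature"
    claims = json.loads(body)
    if claims["aud"] != audience:
        return None, "wrong audience"  # token replayed at another SP
    if now >= claims["exp"]:
        return None, "expired"
    if SP_POLICY[audience] not in claims["roles"]:
        return None, "missing role"
    return claims, None


def login(user, now=None):
    """One login at the library. The credential check itself is out of scope
    here and is represented by the directory lookup."""
    return issue_token(user, "library", USER_ROLES[user].get("library", set()), now=now)


def delegate(token, from_sp, to_sp, now=None):
    """IdP: exchange a token accepted by from_sp for one addressed to to_sp,
    extending the actor chain and granting only the roles the subject holds
    at to_sp, so delegation can never widen the user's rights."""
    claims, reason = verify_token(token, from_sp, now=now)
    if claims is None:
        return None, reason
    roles = USER_ROLES.get(claims["sub"], {}).get(to_sp, set())
    actors = claims["act"] + [from_sp]
    return issue_token(claims["sub"], to_sp, roles, actors=actors, now=now), None


def run_workflow(user, now=None):
    """Library -> processing -> rendering on the user's behalf after a single
    login. Reports the SP that refused, or the final actor chain on success."""
    token = login(user, now=now)
    for from_sp, to_sp in (("library", "processing"), ("processing", "rendering")):
        token, reason = delegate(token, from_sp, to_sp, now=now)
        if token is None:
            return {"ok": False, "stage": from_sp, "reason": reason}
    claims, reason = verify_token(token, "rendering", now=now)
    if claims is None:
        return {"ok": False, "stage": "rendering", "reason": reason}
    return {"ok": True, "stage": "rendering", "actors": claims["act"]}


if __name__ == "__main__":
    print(run_workflow("alice", now=1000.0))
    print(run_workflow("bob", now=1000.0))
```

The audience check is what keeps the "log in once" property from collapsing into "one token opens everything": the library assertion is useless at the rendering service, and every hop has to go back through the IdP, which re-evaluates the subject's roles for the next provider rather than copying the previous token's rights forward.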