-
Notifications
You must be signed in to change notification settings - Fork 25
Authentication and Authorization Policies
This is a proposal to define Authentication and Authorization (AA) policies for CONP datasets. It is proposed to define the authorization and authentication mechanisms used by each dataset in the DATS document describing the metadata of the dataset. Harmonization of these policies across storage platforms and datasets will be sought but not enforced.
One of the following three types of authorization policies must be adopted by the dataset owner, and documented in the DATS model:
- Public dataset: no authorization is required
- Dataset under Registered Access: authorization from CONP is required. The authorization policy should be defined by the CONP steering committee. It is proposed to authorize any member of a Canadian academic institution.
- Private dataset: custom authorization from the data provider is required. The procedure to request such authorization should be mentioned.
It is recommended that datasets adopt authorization policies 1. or 2.
Datasets under Registered Access: authentication mechanism must be ORCIDid. It should be noted that getting an ORCID account doesn't imply that the user will be authorized to access the datasets (see authorization policy).
Private datasets: An authentication system must be specified in the DATS model. The recommended authentication mechanism is through ORCIDid, but custom authentication schemes are possible. The DATS model of the dataset will specify if the authentication mechanism is ORCIDid, or if it is custom to the platform. If the authentication mechanism is custom to the platform, then the documentation on how to get an account, and which authentication protocol is used will be specified in the DATS model.
- Get the developers' and TSC's feedback and approval on this document (discussed during Feb 3rd meeting, document updated accordingly)
- Checked if institutional sign-in to ORCID allows a platform to retrieve the user's institution (people at ORCID said it's possible)
- Get the steering committee's feedback and approval on this document
- Extend the DATS model to describe the final policies, update the DATS validator accordingly
- Specify the AA policies in each dataset