Authentication and Authorization Policies

Tristan Glatard edited this page Feb 5, 2020 · 7 revisions

This draft is a proposal to define Authentication and Authorization (AA) policies for CONP datasets. It is proposed to define the authorization and authentication mechanisms used by each particular dataset in the DATS document describing the metadata of the dataset. Harmonization of these policies across storage platforms and datasets will be sought but not enforced.

Authorization

One of the following three types of authorization policies must be specified in the DATS model of the dataset:

  1. Public dataset: no authorization is required
  2. Dataset under Registered Access: authorization from CONP is required. The authorization policy should be defined by the CONP steering committee. It is proposed to authorize any member of a Canadian academic institution.
  3. Private dataset: custom authorization from the data provider is required. The procedure to request such authorization should be mentioned.

It is recommended that datasets adopt authorization policies 1. or 2.

Authentication

Datasets under Registered Access: the authentication mechanism must be ORCID iD. Note that getting an ORCID account does not imply that the user will be authorized to access the datasets (see the authorization policy).

Private datasets: an authentication system must be specified in the DATS model. The recommended authentication mechanism is ORCID iD, but custom authentication schemes are possible. The DATS model of the dataset will specify whether the authentication mechanism is ORCID iD or is custom to the platform. If it is custom to the platform, the DATS model will also specify the documentation on how to get an account and which authentication protocol is used.
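
The rules of the Authorization and Authentication sections, written as a check a validator could run over one DATS document. This is an added example, not code from the CONP DATS validator; the field names and value spellings (`authorization`, `authorization_procedure`, `authentication.mechanism`, `account_documentation`, `protocol`) are hypothetical, since this draft does not yet define how the DATS model encodes them.

```python
from __future__ import annotations

# Added illustration: every field name and value spelling below is hypothetical;
# the draft does not define how the DATS model will encode these policies.
AUTHORIZATION_TYPES = {"public", "registered", "private"}


def check_aa_policy(dats: dict) -> list[str]:
    """Return the AA policy violations found in one DATS document."""
    authz = dats.get("authorization")
    if authz not in AUTHORIZATION_TYPES:
        # One of the three authorization policies must be declared.
        return [f"authorization must be one of {sorted(AUTHORIZATION_TYPES)}"]

    authn = dats.get("authentication")
    if not isinstance(authn, dict):
        authn = {}
    mechanism = authn.get("mechanism")
    errors = []

    if authz == "registered" and mechanism != "orcid":
        errors.append("registered access: authentication mechanism must be orcid")

    if authz == "private":
        # The procedure to request authorization from the provider is required.
        if not dats.get("authorization_procedure"):
            errors.append("private: procedure to request authorization is missing")
        if mechanism not in {"orcid", "custom"}:
            errors.append("private: authentication mechanism must be orcid or custom")
        elif mechanism == "custom":
            # Custom schemes must document account creation and the protocol used.
            for key in ("account_documentation", "protocol"):
                if not authn.get(key):
                    errors.append(f"private/custom: authentication.{key} is missing")
    return errors


# Constructed sample documents, not real CONP datasets.
SAMPLES = {
    "public-ok": {"authorization": "public"},
    "registered-custom": {"authorization": "registered",
                          "authentication": {"mechanism": "custom"}},
    "private-incomplete": {"authorization": "private",
                           "authorization_procedure": "Contact the data provider",
                           "authentication": {"mechanism": "custom",
                                              "protocol": "OAuth 2.0"}},
    "undeclared": {},
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, check_aa_policy(doc) or "ok")
```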

Next Actions

  • Get the developers' and TSC's feedback and approval on this document (discussed during Feb 3rd meeting, document updated accordingly)
  • Get the steering committee's feedback and approval on this document
  • Extend the DATS model to describe the final policies, update the DATS validator accordingly
  • Specify the AA policies in each dataset