Summary
The purpose of this document is to guide infrastructures in the efficient implementation of the access restrictions that are required by the individual communities and e-Infrastructures. The guidelines are given within the setting of the AARC BPA. In this scenario, user communities make use of an SP-IdP-Proxy (including Attribute management). The users are given access to resources (end services) via infrastructure SP-IdP-Proxies. Guidelines are derived from the more detailed Deliverable DJRA1.2 on authorisation models.
Links
| View file | ||||||
|---|---|---|---|---|---|---|
|
MS Word
| View file | ||||||
|---|---|---|---|---|---|---|
|
Guidelines for scalable authorisation across multi-SP environments
Summary
Managing authorisation at each SP individually does not scale (although in some case it might be required). So, how to do it? Provide guidelines on how one can manage authorisation across multiple SPs, possibly operated by different entities. For some cases centrally managed entitlements (conveying group/role membership for example) might be more than enough.
Links
Working docs
Google-Doc: https://docs.google.com/document/d/17BaAp8OBUo9V3Z4iDYxfckzrEFwdIBfBrkOebp6VSIg/edit#
Final PDF
To be published
Meetings schedule and Minutes
| Date | Location | Agenda | Minutes |
|---|---|---|---|
| 2017-07-17-11 13-00 (CEST) | https://webconf.vc.dfn.de/aarc-jra1 | Discuss documents A, B, C:
| We essentially worked inside the documents. Minutes do not make sense at this point |
...