[Go-essp-tech] Your views and feedback needed on the use of access control to secure data and services
philip.kershaw at stfc.ac.uk
philip.kershaw at stfc.ac.uk
Mon Jun 18 04:50:15 MDT 2012
Hi all,
This is a little off-topic for this list but please read on as I would really like to gather your views and opinions (especially if you have no interest in security :) and especially in your experiences as end users).
Around twelve months ago I was invited with IPSL to give input on behalf of the climate science research community into a workshop on federated identity management (this covers a range of topics including single sign-on, access control, security).
It's the result of an initiative led by CERN and involves a number of other national labs and research communities. It has been motivated by a recognition that despite much work in the development of systems for single sign-on, access control in federations and grids there are still considerable problems. These can be expressed both in terms of the ease of use for end users and the difficulties faced by research groups and data providers in getting data integrated into these systems so that it can be easily accessed.
It's become clear that there is high degree of overlap in the needs of the different communities involved and a paper, 'Federated Identity Management for Research Collaborations', has been written summarising the findings and making a series of recommendations:
https://cdsweb.cern.ch/record/1442597
https://cdsweb.cern.ch/record/1442597/files/CERN-OPEN-2012-006.pdf
The aim is to be a collective voice to influence policy makers, technology providers and funding bodies towards solutions which address the problems. This is where it needs your help. Please answer these questions (even if you don't have the time to read the paper):
1. Are you satisfied with the current state of systems for securing access to data and managing online identities within your research community?
2. What is the major issue that you face when managing multiple identities?
3. What use cases do you envisage for securing access to data and computing resources (or you might argue we need to be securing less)?
4. Do you consider the use cases and requirements identified in the paper as relevant to you?
You can write comments here:
https://cdsweb.cern.ch/record/1442597/comments
Or reply by e-mail. I need response by the end of Wednesday this week (20th June).
Thanks,
Phil
--
Scanned by iCritical.
More information about the GO-ESSP-TECH
mailing list