InCommonUABgrid: Difference between revisions

From Cheaha
Jump to navigation Jump to search
(Reconstruct from RSS feed.)
 
m (Fix import from RSS feed)
Line 1: Line 1:
-----Original Message-----
From section 3 of the "INCOMMON FEDERATION: PARTICIPANT OPERATIONAL
From: John-Paul Robinson
PRACTICES"
Sent: Wednesday, March 21, 2007 3:58 PM
(http://www.incommonfederation.org/docs/policies/incommonpop.html)
To: David L Shealy
Subject: incommon resource provider
   
   
Here's a first draft at the resource provider application for InCommon.
3 Resource Provider Information
Let me know what you think. We should involve Puri and Alan after we
get the foundation in place so they can comment on the requirements they
envision to enable access to their resources.
   
   
I'm trying to be honest and general in my description. It's important
Resource Providers are trusted to ask for only the information necessary
to remember that InCommon requires that we document our operating
to make an appropriate access control decision, and to not misuse
practices so that they can be reviewed by members of InCommon. It does
information provided to them by Credential Providers. Resource
not require any specific level of security, leaving that to the
Providers must describe the basis on which access to resources is
discretion of peers who decide to trust the application. I think its
managed and their practices with respect to attribute information they
important to document what we see as our initial goals, acknowledging
receive from other Participants.
the fact that these operating policies will likely change over time as
experience is gained collaborating with UABgrid. There is little
precedent for this type of service, so part of our effort is determining
appropriate and acceptable operating procedures.
   
   
~jpr
UABgrid is a collaboration environment for use by UAB community members
and their designated collaborators from UAB and from other campuses to
organize around shared academic interests. UABgrid is a participant
directed and controlled collaboration environment that will provide
access to web and grid applications. Basic access will be broadly
available with additional privileges granted to specific community
members based on the information provided by credential providers and
peers within the community.
   
   
>From section 3 of the "INCOMMON FEDERATION: PARTICIPANT OPERATIONAL
UABgrid's planned resource provider id will be:
PRACTICES"
(http://www.incommonfederation.org/docs/policies/incommonpop.html)
   
   
3 Resource Provider Information
https://uabgrid.uab.edu/shibboleth
   
   
Resource Providers are trusted to ask for only the information necessary
3.1 What attribute information about an individual do you require
to make an appropriate access control decision, and to not misuse
in order to manage access to resources you might make available to other
information provided to them by Credential Providers. Resource
Participants? Describe separately for each resource ProviderID that you
Providers must describe the basis on which access to resources is
have registered.
managed and their practices with respect to attribute information they
receive from other Participants.
   
   
UABgrid is a collaboration environment for use by UAB community members
The only required attribute required to access basic UABgrid resources
and their designated collaborators from UAB and from other campuses to
will be eduPersonPrincipleName (ePPN). This attribute is intended to
organize around shared academic interests. UABgrid is a participant
provide a unique identity for each user that reflects their identity at
directed and controlled collaboration environment that will provide
their Identity Provider. An identity provider may supply a targeted id
access to web and grid applications. Basic access will be broadly
in addition to or in lieu of ePPN, however, no access will be granted
available with additional privileges granted to specific community
with out either of these identity attributes.
members based on the information provided by credential providers and
peers within the community.
   
   
UABgrid's planned resource provider id will be:
An identity provider may supply an email attribute along with the ePPN
or targeted id. If supplied, this address should be considered a
working email address. This attribute will be used to pre-populate
application forms as a convenience to the end user. However, a user
will be allowed to override the supplied email address and supplied an
alternative working email address, verified during registration.
 
Please note: UABgrid will not consider the ePPN, targeted id or email
address to constitute personally identifiable information. Users and
identity providers concerned with privacy at the user-account level are
asked to supply opaque identifiers (such as targeted id) whose mapping
to personally identified information is maintained by the identity
provider at the identity provider.
   
   
https://uabgrid.uab.edu/shibboleth
While this information will be sufficient for basic participation in
UABgrid, access to specific resources may require additional information
either asserted by the users identity provider or by authorized peers
on UABgrid. An example of these attributes may include the users common
name and affiliation as asserted by the identity provider in order to
access a computational resource. Requests for these attributes will be
identified and determined by resource providers on UABgrid. Users
should have the ability to control the release of these additional
attributes, with the understanding that denying their release may
restrict their levels of privilege on UABgrid.
   
   
3.1 What attribute information about an individual do you require
When requested, every effort will be made to make these additional
in order to manage access to resources you might make available to other
attributes available only to the applications that require them. For
Participants? Describe separately for each resource ProviderID that you
example, if a grid compute resource provider requires the common name
have registered.
and phone number of a user, only that application will receive this
additional information.
   
   
The only required attribute required to access basic UABgrid resources
3.2 What use do you make of attribute information that you receive
will be eduPersonPrincipleName (ePPN). This attribute is intended to
in addition to basic access control decisions? For example, do you
provide a unique identity for each user that reflects their identity at
aggregate session access records or records of specific information
their Identity Provider. An identity provider may supply a targeted id
accessed based on attribute information, or make attribute information
in addition to or in lieu of ePPN, however, no access will be granted
available to partner organizations, etc.?
with out either of these identity attributes.
   
   
An identity provider may supply an email attribute along with the ePPN
The ePPN will be used to identify an individual user within UABgrid both
or targeted id. If supplied, this address should be considered a
to web applications and grid resources. This will essentially by their
working email address. This attribute will be used to pre-populate
"user identity" within the system.
application forms as a convenience to the end user. However, a user
will be allowed to override the supplied email address and supplied an
alternative working email address, verified during registration.
   
   
Please note: UABgrid will not consider the ePPN, targeted id or email
The email address will enable the user to participate in provided email-
address to constitute personally identifiable information. Users and
based discussions related to the groups with which they participate.
identity providers concerned with privacy at the user-account level are
The email address will also be used to communicate system-wide
asked to supply opaque identifiers (such as targeted id) whose mapping
announcements to the user and may be used by application providers to
to personally identified information is maintained by the identity
communicate with the user. Essentially, the email address considered a
provider at the identity provider.
communication end point for the user of the UABgrid system environment.
   
   
While this information will be sufficient for basic participation in
Additional attributes that may be required for authorizations beyond
UABgrid, access to specific resources may require additional information
basic access will be used to help identify the individual to resource
either asserted by the users identity provider or by authorized peers
providers so that authorization requests can be reviewed.
on UABgrid. An example of these attributes may include the users common
name and affiliation as asserted by the identity provider in order to
access a computational resource. Requests for these attributes will be
identified and determined by resource providers on UABgrid. Users
should have the ability to control the release of these additional
attributes, with the understanding that denying their release may
restrict their levels of privilege on UABgrid.
   
   
When requested, every effort will be made to make these additional
3.3 What human and technical controls are in place on access to and
attributes available only to the applications that require them. For
use of attribute information that might refer to only one specific
example, if a grid compute resource provider requires the common name
person, i.e. personally identifiable information? For example, is this
and phone number of a user, only that application will receive this
information encrypted?
additional information.
   
   
3.2 What use do you make of attribute information that you receive
Access to the databases that store personally identifiable information
in addition to basic access control decisions? For example, do you
will be controlled via standard system security procedures. Only UABgrid
aggregate session access records or records of specific information
operators will have access to centrally stored attributes. Attributes
accessed based on attribute information, or make attribute information
made available to specific resource providers will be under the control
available to partner organizations, etc.?
of those resource providers. User discretion is advised.
   
   
The ePPN will be used to identify an individual user within UABgrid both
3.4 Describe the human and technical controls that are in place on
to web applications and grid resources. This will essentially by their
the management of super-user and other privileged accounts that might
"user identity" within the system.
have the authority to grant access to personally identifiable information?
   
   
The email address will enable the user to participate in provided email-
Privileged accounts will be restricted to a limited set of experienced
based discussions related to the groups with which they participate.
UABgrid operators. These operators will be familiar with standard
The email address will also be used to communicate system-wide
security practices regarding the management of personal information.
announcements to the user and may be used by application providers to
communicate with the user. Essentially, the email address considered a
communication end point for the user of the UABgrid system environment.
   
   
Additional attributes that may be required for authorizations beyond
3.5 If personally identifiable information is compromised, what
basic access will be used to help identify the individual to resource
actions do you take to notify potentially affected individuals?
providers so that authorization requests can be reviewed.
   
   
3.3 What human and technical controls are in place on access to and
In this event UABgrid will make a reasonable effort to contact the user
use of attribute information that might refer to only one specific
via email to notify them of the event. Additionally, UABgrid will alter
person, i.e. personally identifiable information? For example, is this
the user's identity provider to the compromise.
information encrypted?
   
   
Access to the databases that store personally identifiable information
Please note, UABgrid is a pilot service. Every effort will be made to
will be controlled via standard system security procedures. Only UABgrid
protect provided information. Users are encourage to exercise
operators will have access to centrally stored attributes. Attributes
discretion and evaluate requests for information based on their trust of
made available to specific resource providers will be under the control
the services provided. At the point UABgrid becomes a non-pilot service
of those resource providers. User discretion is advised.
additional operating practices and procedures may come into effect which
may augment or replace those described here.
3.4 Describe the human and technical controls that are in place on
the management of super-user and other privileged accounts that might
have the authority to grant access to personally identifiable information?
Privileged accounts will be restricted to a limited set of experienced
UABgrid operators. These operators will be familiar with standard
security practices regarding the management of personal information.
3.5 If personally identifiable information is compromised, what
actions do you take to notify potentially affected individuals?
In this event UABgrid will make a reasonable effort to contact the user
via email to notify them of the event. Additionally, UABgrid will alter
the user's identity provider to the compromise.
Please note, UABgrid is a pilot service. Every effort will be made to
protect provided information. Users are encourage to exercise
discretion and evaluate requests for information based on their trust of
the services provided. At the point UABgrid becomes a non-pilot service
additional operating practices and procedures may come into effect which
may augment or replace those described here.

Revision as of 02:49, 1 July 2007

From section 3 of the "INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES" (http://www.incommonfederation.org/docs/policies/incommonpop.html)

3 Resource Provider Information

Resource Providers are trusted to ask for only the information necessary to make an appropriate access control decision, and to not misuse information provided to them by Credential Providers. Resource Providers must describe the basis on which access to resources is managed and their practices with respect to attribute information they receive from other Participants.

UABgrid is a collaboration environment for use by UAB community members and their designated collaborators from UAB and from other campuses to organize around shared academic interests. UABgrid is a participant directed and controlled collaboration environment that will provide access to web and grid applications. Basic access will be broadly available with additional privileges granted to specific community members based on the information provided by credential providers and peers within the community.

UABgrid's planned resource provider id will be:

https://uabgrid.uab.edu/shibboleth

3.1 What attribute information about an individual do you require in order to manage access to resources you might make available to other Participants? Describe separately for each resource ProviderID that you have registered.

The only required attribute required to access basic UABgrid resources will be eduPersonPrincipleName (ePPN). This attribute is intended to provide a unique identity for each user that reflects their identity at their Identity Provider. An identity provider may supply a targeted id in addition to or in lieu of ePPN, however, no access will be granted with out either of these identity attributes.

An identity provider may supply an email attribute along with the ePPN or targeted id. If supplied, this address should be considered a working email address. This attribute will be used to pre-populate application forms as a convenience to the end user. However, a user will be allowed to override the supplied email address and supplied an alternative working email address, verified during registration.

Please note: UABgrid will not consider the ePPN, targeted id or email address to constitute personally identifiable information. Users and identity providers concerned with privacy at the user-account level are asked to supply opaque identifiers (such as targeted id) whose mapping to personally identified information is maintained by the identity provider at the identity provider.

While this information will be sufficient for basic participation in UABgrid, access to specific resources may require additional information either asserted by the users identity provider or by authorized peers on UABgrid. An example of these attributes may include the users common name and affiliation as asserted by the identity provider in order to access a computational resource. Requests for these attributes will be identified and determined by resource providers on UABgrid. Users should have the ability to control the release of these additional attributes, with the understanding that denying their release may restrict their levels of privilege on UABgrid.

When requested, every effort will be made to make these additional attributes available only to the applications that require them. For example, if a grid compute resource provider requires the common name and phone number of a user, only that application will receive this additional information.

3.2 What use do you make of attribute information that you receive in addition to basic access control decisions? For example, do you aggregate session access records or records of specific information accessed based on attribute information, or make attribute information available to partner organizations, etc.?

The ePPN will be used to identify an individual user within UABgrid both to web applications and grid resources. This will essentially by their "user identity" within the system.

The email address will enable the user to participate in provided email- based discussions related to the groups with which they participate. The email address will also be used to communicate system-wide announcements to the user and may be used by application providers to communicate with the user. Essentially, the email address considered a communication end point for the user of the UABgrid system environment.

Additional attributes that may be required for authorizations beyond basic access will be used to help identify the individual to resource providers so that authorization requests can be reviewed.

3.3 What human and technical controls are in place on access to and use of attribute information that might refer to only one specific person, i.e. personally identifiable information? For example, is this information encrypted?

Access to the databases that store personally identifiable information will be controlled via standard system security procedures. Only UABgrid operators will have access to centrally stored attributes. Attributes made available to specific resource providers will be under the control of those resource providers. User discretion is advised.

3.4 Describe the human and technical controls that are in place on the management of super-user and other privileged accounts that might have the authority to grant access to personally identifiable information?

Privileged accounts will be restricted to a limited set of experienced UABgrid operators. These operators will be familiar with standard security practices regarding the management of personal information.

3.5 If personally identifiable information is compromised, what actions do you take to notify potentially affected individuals?

In this event UABgrid will make a reasonable effort to contact the user via email to notify them of the event. Additionally, UABgrid will alter the user's identity provider to the compromise.

Please note, UABgrid is a pilot service. Every effort will be made to protect provided information. Users are encourage to exercise discretion and evaluate requests for information based on their trust of the services provided. At the point UABgrid becomes a non-pilot service additional operating practices and procedures may come into effect which may augment or replace those described here.