user metadata service - extra SSO service

Paul Harrison pharriso at eso.org
Thu May 17 23:06:44 PDT 2007


Hi,

I thought that I would like to present the extra service that I
mentioned was missing from the SSO suite, and that was discussed briefly
between a few of us just after the session.

Use Case
-------------

Many institutions require that the user registers locally in their
user database before they can interact with local services, i.e. a
local identity is the first authorization requirement. This is likely
to remain a requirement at many institutions long after a VO SSO is
well established, as they will have legacy systems (proposals,
archive access, etc.) that depend on the local identity. This
local identity can be mapped to the VO identity (i.e. an X.509
certificate), so there is no problem with authentication. However,
even if the user has a trusted VO identity, it does not contain
sufficient metadata to initially register the user locally. If the
user repeatedly has to fill in the same personal details to register
with every institution, it makes SSO a more painful process than
necessary. It is also true that astronomers (especially young ones)
change their home institution quite frequently, so the process of
registering metadata locally will be relatively frequent.

Solution
-----------

A service that can provide the necessary user metadata - when  
registering at a new institution the user can press a "fetch my  
details" button on the registration form to fill in common metadata.  
The user then chooses where they want to source their metadata, and  
the relevant boxes on the registration form will be completed.

Assorted observations
---------------------

* The schema of the information to be passed needs to be decided.
* The user's VO identity is used as authorization to release the
metadata by the metadata service.
* The user metadata service could be provided either
      * in combination with the user identity service (which
consequently would need to ask the user for more metadata than is
typically required in current implementations)
      * or by each of the institution-based user databases.
     It does not matter which is chosen as long as the services are
registered, as the user can then choose which they believe is
their "home".

Paul Harrison
ESO Garching
www.eso.org
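The following is an added example, not code from Paul's post or from any VO project, that models the proposal above in working Python: a registry of metadata services the user may choose as their "home", a "fetch my details" call that fills only the boxes present on the local registration form, and the authorization rule that the VO identity which authenticated the request is the only identity whose metadata is released. Everything concrete in it is an assumption: the schema field list, the service names, the subject DNs and the records are constructed sample data, and the authenticated DN is passed in as a string on the assumption that TLS client-certificate authentication has already been performed by the transport layer.

```python
from dataclasses import dataclass, field

# Hypothetical agreed schema (the post leaves it to be decided): the only
# fields any registered metadata service may release.
AGREED_SCHEMA = ("name", "email", "institution")


class Forbidden(Exception):
    """Raised when a request asks for the metadata of an identity other
    than the one that authenticated the request."""


@dataclass
class MetadataService:
    """One registered metadata source: either the home identity service or
    an institution's user database. Records are keyed by the X.509 subject
    DN of the user's VO identity (constructed sample data)."""
    name: str
    records: dict = field(default_factory=dict)

    def fetch(self, requested_dn, authenticated_dn):
        # Authorization rule from the post: the VO identity authorizes release.
        # requested_dn comes from the client request; authenticated_dn is the
        # subject of the verified client certificate (assumed to be supplied
        # by the TLS layer). They must match, otherwise any logged-in user
        # could pull another user's personal details.
        if requested_dn != authenticated_dn:
            raise Forbidden("VO identity does not own the requested record")
        record = self.records.get(authenticated_dn)
        if record is None:
            return None
        # Release only schema fields, never the raw stored record, so that
        # local-only attributes (e.g. internal usernames) do not leak to
        # other institutions.
        return {k: record[k] for k in AGREED_SCHEMA if k in record}


# Registry of metadata services the user may pick as their "home".
REGISTRY = {}


def register(service):
    REGISTRY[service.name] = service


def fetch_my_details(form_fields, source_name, requested_dn, authenticated_dn):
    """Model of the "fetch my details" button on a registration form.

    form_fields: the boxes on the local registration form
    source_name: the registered service the user chose as their home
    Returns a dict holding only those form boxes the source could fill;
    boxes outside the agreed schema stay empty.
    """
    source = REGISTRY.get(source_name)
    if source is None:
        raise KeyError("not a registered metadata service: " + source_name)
    released = source.fetch(requested_dn, authenticated_dn)
    if not released:
        return {}
    return {f: released[f] for f in form_fields if f in released}


# Constructed sample data (hypothetical people, DNs and services).
DN_ALICE = "/C=DE/O=ExampleVO/CN=Alice Example"
DN_BOB = "/C=DE/O=ExampleVO/CN=Bob Example"

register(MetadataService("home-idp", {
    DN_ALICE: {"name": "Alice Example", "email": "alice@example.org"},
}))
register(MetadataService("institution-db", {
    DN_ALICE: {"name": "Alice Example", "email": "alice@example.org",
               "institution": "Example Observatory", "local_uid": "aexample"},
    DN_BOB: {"name": "Bob Example", "email": "bob@example.org",
             "institution": "Example Observatory", "local_uid": "bexample"},
}))

if __name__ == "__main__":
    # Alice registers at a new institution whose form also asks for a phone
    # number; that box is not in the schema and is left for her to fill.
    form = ("name", "email", "institution", "phone")
    print(fetch_my_details(form, "institution-db", DN_ALICE, DN_ALICE))
```

The two checks worth keeping whatever the eventual schema looks like are the ones in `fetch`: the identity named in the request must be the identity that authenticated (so the service is not an oracle for anyone else's details), and the response is built from the schema, not from the stored record, so fields an institution keeps for its own purposes are never released through this path.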



More information about the grid mailing list