Identity, Authentication, and Authorization Requirements
========================================================

.. list-table::
   :header-rows: 1

   * - Category
     - Requirement ID
   * - API
     - | 765: Tools can access an API for authn and authz
       | 820: Common API for authentication and authorization operations
   * - Authentication
     - | 392: Identity and access control should be interoperable across datanets
       | 764: Authentication and access control should be consistently available
       | 765: Tools can access an API for authn and authz
       | 820: Common API for authentication and authorization operations
   * - Authorization
     - | 393: Access control rule evaluation must be highly scalable and responsive.
       | 761: Users can specify authorization rules for data objects, science metadata objects, and process artifacts separately
       | 764: Authentication and access control should be consistently available
       | 765: Tools can access an API for authn and authz
       | 766: Users should be able to easily assign proxy privileges to other users and to systems acting on their behalf for limited time durations
       | 767: Users need to be able to express embargo rules for data
       | 768: Need default authz policies that resolve problems associated with inaccessible principals
       | 769: Authorization should support critical roles, such as curators and system administrators
       | 770: Authorization system should be able to express the pseudo-principal concepts like 'public'
       | 772: Authentication services should be compatible with existing infrastructure and applications
       | 777: Authorization rules should support common permission levels
       | 795: System must support revocation of user permissions
       | 820: Common API for authentication and authorization operations
       | xxx: Group Identifiers are equivalent to user identifiers in all ACL mechanisms
       | xxx: Local sites/data owners have ability to generate, populate, and modify groups
       | xxx: Group information can be replicated so that all MNs can see it and use it to enforce ACLs
       | xxx: Need clear use cases for administering groups
       | xxx: Need clear business logic for replicating access control lists
       | xxx: Can access rules for Data Packages that cross operational bounds like MNs
       | xxx: System should support (and require?) transport-layer security
       | xxx: Need ability/clear policies to transfer ownership of abandoned objects
       | xxx: Support ability to use encryption to ensure restricted access from untrusted MNs
       | xxx: Can people with 'SetPermission' revoke access from original owners -- also does revoking SetPermission priv also revoke the privs for their grantees
       | xxx: Need to establish the default set of permissions in absence of additional roles
       | xxx: Need to ensure that deleted accounts cannot be replaced by new users (i.e., identities are globally unique over time)
       | xxx: Curator at institutional level has ability to create accounts for their group
       | xxx: Sites have ability to create groups
       | xxx: Sensitive data that is encrypted is generally not replicated except possibly to avoid risks of leaks of that information (confused)
       | xxx: Need process for data consumer to request authorization for an object
       | xxx: Need process for data owner to receive and evaluate the requests
       | xxx: Need ability to create index of users so that clients can use that list to assign access control rules, and ability to look up Identity for particular users
       | xxx: Should be able to assert write without read (controversial)
       | xxx: Users should be able to revoke their own access to an object
       | xxx: Allow users to create organic, self-created groups (e.g., for a lab or team)
       | xxx: Should have a user profile page to review/revise a user's own identity, group, and other Identity information
       | xxx: Nodes need to be able to assert minimum LOA re: who has write access
       | xxx: May have need for 'Deny' permissions on access for convenience (but probably lower priority)
       | xxx: People can modify access control rules
       | xxx: Should be able to deposit content with embargo, but should be able to grant anonymous access tokens for access to the data without the owner knowing who it was that had access (use case for anonymous peer review in Dryad)
       | xxx: Need ability to query what I have access to
       | xxx: co-ownership model for permissions is needed for handling co-authorship
       | xxx: Should groups be able to own objects?
       | xxx: Need to restrict visibility to objects for which they don't have access in all services (e.g., search, listObjects, etc)
       | xxx: Member nodes should be able to restrict data access by individuals on Dept of Commerce Embargo lists at high LOAs -- possibly determine that we won't support this, but rather that we state these types of objects must not be uploaded
       | xxx: Anonymous access will be allowed for publicly accessible objects
       | xxx: Can groups contain groups, and at what nesting depth? Yes, one level.
       | xxx: ID and access control should be easy to use and not present barriers to adoption and use
       | xxx: ID and access control should work in all geopolitical jurisdictions
       | xxx: ID and access control should comply with universal design standards
   * - Identity
     - | 392: Identity and access control should be interoperable across datanets
   * - IdentityProvision
     - | 390: Consistent mechanism for identifying users
       | 391: Enable different classes of users commensurate with their roles.
       | 762: User identities can be derived from existing institutional directory services
       | 771: User identities should have simple string serializations that express both the user identity and namespace from which it is drawn
   * - Interoperability
     - | 392: Identity and access control should be interoperable across datanets
       | 765: Tools can access an API for authn and authz
       | 820: Common API for authentication and authorization operations
   * - Performance
     - | 393: Access control rule evaluation must be highly scalable and responsive.
       | 763: Authentication and authorization services are geographically replicated
       | 764: Authentication and access control should be consistently available

390: Consistent mechanism for identifying users
-----------------------------------------------

:ID: https://trac.dataone.org/ticket/390

It is necessary to provide a mechanism for users to be identified in the DataONE system. There are several distinct roles that need to be supported for users.

Rationale: Identity of users, contributors and other participants in DataONE is necessary to ensure appropriate policies for data sharing (read, write), attribution, and notification (e.g. subscription to types of data).

Fit Criteria

  * Users can identify themselves in the DataONE system
  * Identity is consistent across all nodes (i.e. identity associated with an object is consistent regardless of where the object is retrieved from or acted on)
  * Users can associate various accounts with a single identity
  * Identity information is sufficient to ensure appropriate attribution to content
  * Authentication and authorization mechanisms are recognized consistently by all participant nodes and services of the cicore.
  * Existing user directories in use in environmental science community can directly contribute identities (not "yet another" identity system)

391: Enable different classes of users commensurate with their roles.
---------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/391

There are several types of users that will be interacting with the DataONE infrastructure; as such, it is necessary to ensure that user roles can be supported by the identity management infrastructure. Closely related to https://trac.dataone.org/ticket/390

Rationale: Different user classes or groups provide an effective mechanism for indicating the types of interaction that might be supported by the system.
The alternative is to specifically assign privileges for each user - an approach that is inefficient and potentially insecure as it is easy to miss an individual when setting privileges for a large number of users.rƒ��h=jÑ��h>h?h@hhB}r≈��(hD]hE]hF]hG]hI]uhKKëhLhh7]r∆��hUXp��Rationale: Different user classes or groups provides an effective mechanismfor indicating the types of interaction that might be supported by the system. The alternative is to specifically assign privileges for each user - an approach that is inefficient and potentially insecure as it is easy to miss an individual when setting privileges for a large number of users.r«��ÖÅr»��}r…��(h<jƒ��h=j¬��ubaubj-��)År ��}rÀ��(h<U�h=jÑ��h>Nh@j0��hB}rÃ��(hD]hE]hF]hG]hI]uhKNhLhh7]rÕ��(h{)ÅrŒ��}rœ��(h<X ���Fit Criteriar–��h=j ��h>h?h@hhB}r—��(hD]hE]hF]hG]hI]uhKKïh7]r“��hUX ���Fit Criteriar”��ÖÅr‘��}r’��(h<j–��h=jŒ��ubaubj3��)År÷��}r◊��(h<U�hB}rÿ��(j7��X���*hG]hF]hD]hE]hI]uh=j ��h7]rŸ��(j9��)År⁄��}r€��(h<XÑ���A well defined set of standard groups is identified and can be easily manage (e.g. administrators, data contributors, data readers) hB}r‹��(hD]hE]hF]hG]hI]uh=j÷��h7]r›��h{)Årfi��}rfl��(h<XÉ���A well defined set of standard groups is identified and can be easily manage (e.g. administrators, data contributors, data readers)r‡��h=j⁄��h>h?h@hhB}r·��(hD]hE]hF]hG]hI]uhKKóh7]r‚��hUXÉ���A well defined set of standard groups is identified and can be easily manage (e.g. 
administrators, data contributors, data readers)r„��ÖÅr‰��}rÂ��(h<j‡��h=jfi��ubaubah@jF��ubj9��)ÅrÊ��}rÁ��(h<X1���Users can be assigned to and removed from groups hB}rË��(hD]hE]hF]hG]hI]uh=j÷��h7]rÈ��h{)ÅrÍ��}rÎ��(h<X0���Users can be assigned to and removed from groupsrÏ��h=jÊ��h>h?h@hhB}rÌ��(hD]hE]hF]hG]hI]uhKKôh7]rÓ��hUX0���Users can be assigned to and removed from groupsrÔ��ÖÅr��}rÒ��(h<jÏ��h=jÍ��ubaubah@jF��ubj9��)ÅrÚ��}rÛ��(h<XI���Additional groups can be created to support group functions as necessary hB}rÙ��(hD]hE]hF]hG]hI]uh=j÷��h7]rı��h{)Årˆ��}r˜��(h<XH���Additional groups can be created to support group functions as necessaryr¯��h=jÚ��h>h?h@hhB}r˘��(hD]hE]hF]hG]hI]uhKKõh7]r˙��hUXH���Additional groups can be created to support group functions as necessaryr˚��ÖÅr¸��}r˝��(h<j¯��h=jˆ��ubaubah@jF��ubj9��)År˛��}rˇ��(h<Xu���Users can create their own groups for ad-hoc collaboration when needed and without approval of system administrators hB}r���(hD]hE]hF]hG]hI]uh=j÷��h7]r��h{)År��}r��(h<Xt���Users can create their own groups for ad-hoc collaboration when needed and without approval of system administratorsr��h=j˛��h>h?h@hhB}r��(hD]hE]hF]hG]hI]uhKKùh7]r��hUXt���Users can create their own groups for ad-hoc collaboration when needed and without approval of system administratorsr��ÖÅr��}r ��(h<j��h=j��ubaubah@jF��ubj9��)År ��}r��(h<XM���Access control rules can be associated with groups and operate as expected. 
hB}r��(hD]hE]hF]hG]hI]uh=j÷��h7]r ��h{)År��}r��(h<XK���Access control rules can be associated with groups and operate as expected.r��h=j ��h>h?h@hhB}r��(hD]hE]hF]hG]hI]uhKKüh7]r��hUXK���Access control rules can be associated with groups and operate as expected.r��ÖÅr��}r��(h<j��h=j��ubaubah@jF��ubeh@jÉ��ubeubeubh9)År��}r��(h<U�h=h:h>h?h@hAhB}r��(hD]hE]hF]hG]r��h(ahI]r��hauhKK£hLhh7]r��(hN)År��}r��(h<XH���392: Identity and access control should be interoperable across datanetsr��h=j��h>h?h@hRhB}r��(hD]hE]hF]hG]hI]uhKK£hLhh7]r ��hUXH���392: Identity and access control should be interoperable across datanetsr!��ÖÅr"��}r#��(h<j��h=j��ubaubjÛ��)År$��}r%��(h<U�h=j��h>h?h@jˆ��hB}r&��(hD]hE]hF]hG]hI]uhKK•hLhh7]r'��j˘��)År(��}r)��(h<U�h=j$��h>h?h@j¸��hB}r*��(hD]hE]hF]hG]hI]uhKK•hLhh7]r+��(jˇ��)År,��}r-��(h<X���IDr.��h=j(��h>h?h@j��hB}r/��(hD]hE]hF]hG]hI]uhKK�h7]r0��hUX���IDr1��ÖÅr2��}r3��(h<j.��h=j,��ubaubj ��)År4��}r5��(h<X$���https://trac.dataone.org/ticket/392 hB}r6��(hD]hE]hF]hG]hI]uh=j(��h7]r7��h{)År8��}r9��(h<X#���https://trac.dataone.org/ticket/392r:��h=j4��h>h?h@hhB}r;��(hD]hE]hF]hG]hI]uhKK•h7]r<��j��)År=��}r>��(h<j:��hB}r?��(Urefurij:��hG]hF]hD]hE]hI]uh=j8��h7]r@��hUX#���https://trac.dataone.org/ticket/392rA��ÖÅrB��}rC��(h<U�h=j=��ubah@j��ubaubah@j��ubeubaubh{)ÅrD��}rE��(h<XT��There is a general requirement / suggestion by NSF that there should be interoperability between the various DataNet projects. Rationale: It seems like identity and access control is a good place where considerable value can be demonstrated to the user community if credentials and access control rules worked across the data net projects.rF��h=j��h>h?h@hhB}rG��(hD]hE]hF]hG]hI]uhKKßhLhh7]rH��hUXT��There is a general requirement / suggestion by NSF that there should be interoperability between the various DataNet projects. 
Rationale: It seems like identity and access control is a good place where considerable value can be demonstrated to the user community if credentials and access control rules worked across the data net projects.rI��ÖÅrJ��}rK��(h<jF��h=jD��ubaubcdocutils.nodes definition_list rL��)ÅrM��}rN��(h<U�h=j��h>Nh@Udefinition_listrO��hB}rP��(hD]hE]hF]hG]hI]uhKNhLhh7]rQ��cdocutils.nodes definition_list_item rR��)ÅrS��}rT��(h<X≥���Fit Criteria * Users can sign into DataONE and DC with the same credentials * Once signed in to DataONE, access to DC services is seamless (no additional authentication required) h=jM��h>h?h@Udefinition_list_itemrU��hB}rV��(hD]hE]hF]hG]hI]uhKK´h7]rW��(cdocutils.nodes term rX��)ÅrY��}rZ��(h<X���Fit Criteriar[��h=jS��h>h?h@Utermr\��hB}r]��(hD]hE]hF]hG]hI]uhKK´h7]r^��hUX���Fit Criteriar_��ÖÅr`��}ra��(h<j[��h=jY��ubaubcdocutils.nodes definition rb��)Årc��}rd��(h<U�hB}re��(hD]hE]hF]hG]hI]uh=jS��h7]rf��j3��)Årg��}rh��(h<U�hB}ri��(j7��X���*hG]hF]hD]hE]hI]uh=jc��h7]rj��(j9��)Årk��}rl��(h<X<���Users can sign into DataONE and DC with the same credentialsrm��hB}rn��(hD]hE]hF]hG]hI]uh=jg��h7]ro��h{)Årp��}rq��(h<jm��h=jk��h>h?h@hhB}rr��(hD]hE]hF]hG]hI]uhKK™h7]rs��hUX<���Users can sign into DataONE and DC with the same credentialsrt��ÖÅru��}rv��(h<jm��h=jp��ubaubah@jF��ubj9��)Årw��}rx��(h<Xe���Once signed in to DataONE, access to DC services is seamless (no additional authentication required) hB}ry��(hD]hE]hF]hG]hI]uh=jg��h7]rz��h{)År{��}r|��(h<Xd���Once signed in to DataONE, access to DC services is seamless (no additional authentication required)r}��h=jw��h>h?h@hhB}r~��(hD]hE]hF]hG]hI]uhKK´h7]r��hUXd���Once signed in to DataONE, access to DC services is seamless (no additional authentication required)rÄ��ÖÅrÅ��}rÇ��(h<j}��h=j{��ubaubah@jF��ubeh@jÉ��ubah@U definitionrÉ��ubeubaubeubh9)ÅrÑ��}rÖ��(h<U�h=h:h>h?h@hAhB}rÜ��(hD]hE]hF]hG]rá��h2ahI]rà��hauhKKÆhLhh7]râ��(hN)Årä��}rã��(h<XK���393: Access control rule evaluation must be highly scalable and 
responsive.rå��h=jÑ��h>h?h@hRhB}rç��(hD]hE]hF]hG]hI]uhKKÆhLhh7]ré��hUXK���393: Access control rule evaluation must be highly scalable and responsive.rè��ÖÅrê��}rë��(h<jå��h=jä��ubaubjÛ��)Årí��}rì��(h<U�h=jÑ��h>h?h@jˆ��hB}rî��(hD]hE]hF]hG]hI]uhKK∞hLhh7]rï��j˘��)Årñ��}ró��(h<U�h=jí��h>h?h@j¸��hB}rò��(hD]hE]hF]hG]hI]uhKK∞hLhh7]rô��(jˇ��)Årö��}rõ��(h<X���IDrú��h=jñ��h>h?h@j��hB}rù��(hD]hE]hF]hG]hI]uhKK�h7]rû��hUX���IDrü��ÖÅr†��}r°��(h<jú��h=jö��ubaubj ��)År¢��}r£��(h<X$���https://trac.dataone.org/ticket/393 hB}r§��(hD]hE]hF]hG]hI]uh=jñ��h7]r•��h{)År¶��}rß��(h<X#���https://trac.dataone.org/ticket/393r®��h=j¢��h>h?h@hhB}r©��(hD]hE]hF]hG]hI]uhKK∞h7]r™��j��)År´��}r¨��(h<j®��hB}r≠��(Urefurij®��hG]hF]hD]hE]hI]uh=j¶��h7]rÆ��hUX#���https://trac.dataone.org/ticket/393rØ��ÖÅr∞��}r±��(h<U�h=j´��ubah@j��ubaubah@j��ubeubaubh{)År≤��}r≥��(h<X8��Access control for objects is evaluated for every object access in the DataONE infrastructure. As such, the mechanisms used to determine if a particular token (i.e. handle to an authenticated principle) must be very efficient and should not offer a barrier to the desired levels of access control in the system.r¥��h=jÑ��h>h?h@hhB}rµ��(hD]hE]hF]hG]hI]uhKK≤hLhh7]r∂��hUX8��Access control for objects is evaluated for every object access in the DataONE infrastructure. As such, the mechanisms used to determine if a particular token (i.e. 
handle to an authenticated principle) must be very efficient and should not offer a barrier to the desired levels of access control in the system.r∑��ÖÅr∏��}rπ��(h<j¥��h=j≤��ubaubh{)År∫��}rª��(h<X ���Rationalerº��h=jÑ��h>h?h@hhB}rΩ��(hD]hE]hF]hG]hI]uhKK¥hLhh7]ræ��hUX ���Rationalerø��ÖÅr¿��}r¡��(h<jº��h=j∫��ubaubh{)År¬��}r√��(h<Xe���Access control should not be an impediment to effective use of the content available through DataONE.rƒ��h=jÑ��h>h?h@hhB}r≈��(hD]hE]hF]hG]hI]uhKK∂hLhh7]r∆��hUXe���Access control should not be an impediment to effective use of the content available through DataONE.r«��ÖÅr»��}r…��(h<jƒ��h=j¬��ubaubh{)År ��}rÀ��(h<X���Fit CriteriarÃ��h=jÑ��h>h?h@hhB}rÕ��(hD]hE]hF]hG]hI]uhKK∏hLhh7]rŒ��hUX���Fit Criteriarœ��ÖÅr–��}r—��(h<jÃ��h=j ��ubaubj-��)År“��}r”��(h<U�h=jÑ��h>Nh@j0��hB}r‘��(hD]hE]hF]hG]hI]uhKNhLhh7]r’��j3��)År÷��}r◊��(h<U�hB}rÿ��(j7��X���*hG]hF]hD]hE]hI]uh=j“��h7]rŸ��(j9��)År⁄��}r€��(h<XU���Access control rules can be evaluted for any token in an average of xxx milliseconds hB}r‹��(hD]hE]hF]hG]hI]uh=j÷��h7]r›��h{)Årfi��}rfl��(h<XT���Access control rules can be evaluted for any token in an average of xxx millisecondsr‡��h=j⁄��h>h?h@hhB}r·��(hD]hE]hF]hG]hI]uhKK∫h7]r‚��hUXT���Access control rules can be evaluted for any token in an average of xxx millisecondsr„��ÖÅr‰��}rÂ��(h<j‡��h=jfi��ubaubah@jF��ubj9��)ÅrÊ��}rÁ��(h<XL���Access control rules must not take longer than xxx milliseconds to evaluate hB}rË��(hD]hE]hF]hG]hI]uh=j÷��h7]rÈ��h{)ÅrÍ��}rÎ��(h<XK���Access control rules must not take longer than xxx milliseconds to evaluaterÏ��h=jÊ��h>h?h@hhB}rÌ��(hD]hE]hF]hG]hI]uhKKºh7]rÓ��hUXK���Access control rules must not take longer than xxx milliseconds to evaluaterÔ��ÖÅr��}rÒ��(h<jÏ��h=jÍ��ubaubah@jF��ubj9��)ÅrÚ��}rÛ��(h<XY���Access control must not block critical operations (e.g replications, synchronization) hB}rÙ��(hD]hE]hF]hG]hI]uh=j÷��h7]rı��h{)Årˆ��}r˜��(h<XU���Access control must not block critical operations (e.g replications, 
synchronization)r¯��h=jÚ��h>h?h@hhB}r˘��(hD]hE]hF]hG]hI]uhKKæh7]r˙��hUXU���Access control must not block critical operations (e.g replications, synchronization)r˚��ÖÅr¸��}r˝��(h<j¯��h=jˆ��ubaubah@jF��ubeh@jÉ��ubaubeubh9)År˛��}rˇ��(h<U�h=h:h>h?h@hAhB}r���(hD]hE]hF]hG]r��h3ahI]r��hauhKKƒhLhh7]r��(hN)År��}r��(h<Xw���761: Users can specify authorization rules for data objects, science metadata objects, and process artifacts separatelyr��h=j˛��h>h?h@hRhB}r��(hD]hE]hF]hG]hI]uhKKƒhLhh7]r��hUXw���761: Users can specify authorization rules for data objects, science metadata objects, and process artifacts separatelyr ��ÖÅr ��}r��(h<j��h=j��ubaubjÛ��)År��}r ��(h<U�h=j˛��h>h?h@jˆ��hB}r��(hD]hE]hF]hG]hI]uhKK∆hLhh7]r��j˘��)År��}r��(h<U�h=j��h>h?h@j¸��hB}r��(hD]hE]hF]hG]hI]uhKK∆hLhh7]r��(jˇ��)År��}r��(h<X���IDr��h=j��h>h?h@j��hB}r��(hD]hE]hF]hG]hI]uhKK�h7]r��hUX���IDr��ÖÅr��}r��(h<j��h=j��ubaubj ��)År��}r��(h<X$���https://trac.dataone.org/ticket/761 hB}r��(hD]hE]hF]hG]hI]uh=j��h7]r��h{)År ��}r!��(h<X#���https://trac.dataone.org/ticket/761r"��h=j��h>h?h@hhB}r#��(hD]hE]hF]hG]hI]uhKK∆h7]r$��j��)År%��}r&��(h<j"��hB}r'��(Urefurij"��hG]hF]hD]hE]hI]uh=j ��h7]r(��hUX#���https://trac.dataone.org/ticket/761r)��ÖÅr*��}r+��(h<U�h=j%��ubah@j��ubaubah@j��ubeubaubh{)År,��}r-��(h<XP��Users might be able to upload data and science metadata as an atomic operation, but each should be identified separately and access control rules should apply to the objects separately. For example, a user could grant public read access to a metadata object but only grant read access to certain colleagues for associated data objects.r.��h=j˛��h>h?h@hhB}r/��(hD]hE]hF]hG]hI]uhKK»hLhh7]r0��hUXP��Users might be able to upload data and science metadata as an atomic operation, but each should be identified separately and access control rules should apply to the objects separately. 
For example, a user could grant public read access to a metadata object but only grant read access to certain colleagues for associated data objects.r1��ÖÅr2��}r3��(h<j.��h=j,��ubaubh{)År4��}r5��(h<X¥���Rationale: Enabling access control at the same level of granularity of objects in the system ensures that complete control over object conglomerations (packages, etc) is available.r6��h=j˛��h>h?h@hhB}r7��(hD]hE]hF]hG]hI]uhKK hLhh7]r8��hUX¥���Rationale: Enabling access control at the same level of granularity of objects in the system ensures that complete control over object conglomerations (packages, etc) is available.r9��ÖÅr:��}r;��(h<j6��h=j4��ubaubjL��)År<��}r=��(h<U�h=j˛��h>Nh@jO��hB}r>��(hD]hE]hF]hG]hI]uhKNhLhh7]r?��jR��)År@��}rA��(h<Xø���Fit Criteria * All objects in the system have access control rules * Separate rules can be associated with the elements of a package during operations at the package level (e.g. ``create``) h=j<��h>h?h@jU��hB}rB��(hD]hE]hF]hG]hI]uhKK–h7]rC��(jX��)ÅrD��}rE��(h<X���Fit CriteriarF��h=j@��h>h?h@j\��hB}rG��(hD]hE]hF]hG]hI]uhKK–h7]rH��hUX���Fit CriteriarI��ÖÅrJ��}rK��(h<jF��h=jD��ubaubjb��)ÅrL��}rM��(h<U�hB}rN��(hD]hE]hF]hG]hI]uh=j@��h7]rO��j3��)ÅrP��}rQ��(h<U�hB}rR��(j7��X���*hG]hF]hD]hE]hI]uh=jL��h7]rS��(j9��)ÅrT��}rU��(h<X3���All objects in the system have access control rulesrV��hB}rW��(hD]hE]hF]hG]hI]uh=jP��h7]rX��h{)ÅrY��}rZ��(h<jV��h=jT��h>h?h@hhB}r[��(hD]hE]hF]hG]hI]uhKKŒh7]r\��hUX3���All objects in the system have access control rulesr]��ÖÅr^��}r_��(h<jV��h=jY��ubaubah@jF��ubj9��)År`��}ra��(h<Xz���Separate rules can be associated with the elements of a package during operations at the package level (e.g. ``create``) hB}rb��(hD]hE]hF]hG]hI]uh=jP��h7]rc��h{)Ård��}re��(h<Xx���Separate rules can be associated with the elements of a package during operations at the package level (e.g. 
``create``)h=j`��h>h?h@hhB}rf��(hD]hE]hF]hG]hI]uhKKœh7]rg��(hUXm���Separate rules can be associated with the elements of a package during operations at the package level (e.g. rh��ÖÅri��}rj��(h<Xm���Separate rules can be associated with the elements of a package during operations at the package level (e.g. h=jd��ubcdocutils.nodes literal rk��)Årl��}rm��(h<X ���``create``hB}rn��(hD]hE]hF]hG]hI]uh=jd��h7]ro��hUX���createrp��ÖÅrq��}rr��(h<U�h=jl��ubah@Uliteralrs��ubhUX���)ÖÅrt��}ru��(h<X���)h=jd��ubeubah@jF��ubeh@jÉ��ubah@jÉ��ubeubaubeubh9)Årv��}rw��(h<U�h=h:h>h?h@hAhB}rx��(hD]hE]hF]hG]ry��h4ahI]rz��hauhKK”hLhh7]r{��(hN)År|��}r}��(h<XR���762: User identities can be derived from existing institutional directory servicesr~��h=jv��h>h?h@hRhB}r��(hD]hE]hF]hG]hI]uhKK”hLhh7]rÄ��hUXR���762: User identities can be derived from existing institutional directory servicesrÅ��ÖÅrÇ��}rÉ��(h<j~��h=j|��ubaubjÛ��)ÅrÑ��}rÖ��(h<U�h=jv��h>h?h@jˆ��hB}rÜ��(hD]hE]hF]hG]hI]uhKK’hLhh7]rá��j˘��)Årà��}râ��(h<U�h=jÑ��h>h?h@j¸��hB}rä��(hD]hE]hF]hG]hI]uhKK’hLhh7]rã��(jˇ��)Årå��}rç��(h<X���IDré��h=jà��h>h?h@j��hB}rè��(hD]hE]hF]hG]hI]uhKK�h7]rê��hUX���IDrë��ÖÅrí��}rì��(h<jé��h=jå��ubaubj ��)Årî��}rï��(h<X$���https://trac.dataone.org/ticket/762 hB}rñ��(hD]hE]hF]hG]hI]uh=jà��h7]ró��h{)Årò��}rô��(h<X#���https://trac.dataone.org/ticket/762rö��h=jî��h>h?h@hhB}rõ��(hD]hE]hF]hG]hI]uhKK’h7]rú��j��)Årù��}rû��(h<jö��hB}rü��(Urefurijö��hG]hF]hD]hE]hI]uh=jò��h7]r†��hUX#���https://trac.dataone.org/ticket/762r°��ÖÅr¢��}r£��(h<U�h=jù��ubah@j��ubaubah@j��ubeubaubh{)År§��}r•��(h<XH��Many existing directory services are in use in the environmental sciences, and participating member nodes should be able to expose their directories through a standardized mechanism to allow users to make use of existing identities. 
For example, the KNB LDAP server is a federation of multiple LDAP systems from around the world, and these identities have been used in access rules for many existing objects.Rationale: Re-use of existing infrastructure reduces cost of participation and minimizes confusion over which accounts to use and which rules are associated with what account.r¶��h=jv��h>h?h@hhB}rß��(hD]hE]hF]hG]hI]uhKK◊hLhh7]r®��hUXH��Many existing directory services are in use in the environmental sciences, and participating member nodes should be able to expose their directories through a standardized mechanism to allow users to make use of existing identities. For example, the KNB LDAP server is a federation of multiple LDAP systems from around the world, and these identities have been used in access rules for many existing objects.Rationale: Re-use of existing infrastructure reduces cost of participation and minimizes confusion over which accounts to use and which rules are associated with what account.r©��ÖÅr™��}r´��(h<j¶��h=j§��ubaubh{)År¨��}r≠��(h<X���Fit CriteriarÆ��h=jv��h>h?h@hhB}rØ��(hD]hE]hF]hG]hI]uhKKŸhLhh7]r∞��hUX���Fit Criteriar±��ÖÅr≤��}r≥��(h<jÆ��h=j¨��ubaubj-��)År¥��}rµ��(h<U�h=jv��h>Nh@j0��hB}r∂��(hD]hE]hF]hG]hI]uhKNhLhh7]r∑��j3��)År∏��}rπ��(h<U�hB}r∫��(j7��X���*hG]hF]hD]hE]hI]uh=j¥��h7]rª��(j9��)Årº��}rΩ��(h<X·���The system provides a mechanism for exsiting directory services to join * The system provides a namespacing mechanism to differentiate users with the same id in different original directories (e.g., mjones@LTER, mjones@UCNRS)ræ��hB}rø��(hD]hE]hF]hG]hI]uh=j∏��h7]r¿��h{)År¡��}r¬��(h<jæ��h=jº��h>h?h@hhB}r√��(hD]hE]hF]hG]hI]uhKK€h7]rƒ��(hUX«���The system provides a mechanism for exsiting directory services to join * The system provides a namespacing mechanism to differentiate users with the same id in different original directories (e.g., r≈��ÖÅr∆��}r«��(h<X«���The system provides a mechanism for exsiting directory services to join * The system provides a namespacing 
mechanism to differentiate users with the same id in different original directories (e.g., h=j¡��ubj��)År»��}r…��(h<X���mjones@LTERhB}r ��(UrefuriX���mailto:mjones@LTERhG]hF]hD]hE]hI]uh=j¡��h7]rÀ��hUX���mjones@LTERrÃ��ÖÅrÕ��}rŒ��(h<U�h=j»��ubah@j��ubhUX���, rœ��ÖÅr–��}r—��(h<X���, h=j¡��ubj��)År“��}r”��(h<X���mjones@UCNRShB}r‘��(UrefuriX���mailto:mjones@UCNRShG]hF]hD]hE]hI]uh=j¡��h7]r’��hUX���mjones@UCNRSr÷��ÖÅr◊��}rÿ��(h<U�h=j“��ubah@j��ubhUX���)ÖÅrŸ��}r⁄��(h<X���)h=j¡��ubeubah@jF��ubj9��)År€��}r‹��(h<XA���The same email address can be associated with multiple identitiesr›��hB}rfi��(hD]hE]hF]hG]hI]uh=j∏��h7]rfl��h{)År‡��}r·��(h<j›��h=j€��h>h?h@hhB}r‚��(hD]hE]hF]hG]hI]uhKK‹h7]r„��hUXA���The same email address can be associated with multiple identitiesr‰��ÖÅrÂ��}rÊ��(h<j›��h=j‡��ubaubah@jF��ubj9��)ÅrÁ��}rË��(h<X9���The same person or system can possess multiple identitiesrÈ��hB}rÍ��(hD]hE]hF]hG]hI]uh=j∏��h7]rÎ��h{)ÅrÏ��}rÌ��(h<jÈ��h=jÁ��h>h?h@hhB}rÓ��(hD]hE]hF]hG]hI]uhKK›h7]rÔ��hUX9���The same person or system can possess multiple identitiesr��ÖÅrÒ��}rÚ��(h<jÈ��h=jÏ��ubaubah@jF��ubj9��)ÅrÛ��}rÙ��(h<X∫���If a user has multiple identities, the user can express equivalence rules that indicate that they are linked, equivalent identities for the purposes of authentication and authorization hB}rı��(hD]hE]hF]hG]hI]uh=j∏��h7]rˆ��h{)År˜��}r¯��(h<X∏���If a user has multiple identities, the user can express equivalence rules that indicate that they are linked, equivalent identities for the purposes of authentication and authorizationr˘��h=jÛ��h>h?h@hhB}r˙��(hD]hE]hF]hG]hI]uhKKfih7]r˚��hUX∏���If a user has multiple identities, the user can express equivalence rules that indicate that they are linked, equivalent identities for the purposes of authentication and authorizationr¸��ÖÅr˝��}r˛��(h<j˘��h=j˜��ubaubah@jF��ubeh@jÉ��ubaubeubh9)Årˇ��}r���(h<U�h=h:h>h?h@hAhB}r��(hD]hE]hF]hG]r��h#ahI]r��hauhKK‚hLhh7]r��(hN)År��}r��(h<XL���763: Authentication and authorization services are 
geographically replicatedr��h=jˇ��h>h?h@hRhB}r��(hD]hE]hF]hG]hI]uhKK‚hLhh7]r ��hUXL���763: Authentication and authorization services are geographically replicatedr ��ÖÅr��}r��(h<j��h=j��ubaubjÛ��)År ��}r��(h<U�h=jˇ��h>h?h@jˆ��hB}r��(hD]hE]hF]hG]hI]uhKK‰hLhh7]r��j˘��)År��}r��(h<U�h=j ��h>h?h@j¸��hB}r��(hD]hE]hF]hG]hI]uhKK‰hLhh7]r��(jˇ��)År��}r��(h<X���IDr��h=j��h>h?h@j��hB}r��(hD]hE]hF]hG]hI]uhKK�h7]r��hUX���IDr��ÖÅr��}r��(h<j��h=j��ubaubj ��)År��}r��(h<X$���https://trac.dataone.org/ticket/763 hB}r��(hD]hE]hF]hG]hI]uh=j��h7]r ��h{)År!��}r"��(h<X#���https://trac.dataone.org/ticket/763r#��h=j��h>h?h@hhB}r$��(hD]hE]hF]hG]hI]uhKK‰h7]r%��j��)År&��}r'��(h<j#��hB}r(��(Urefurij#��hG]hF]hD]hE]hI]uh=j!��h7]r)��hUX#���https://trac.dataone.org/ticket/763r*��ÖÅr+��}r,��(h<U�h=j&��ubah@j��ubaubah@j��ubeubaubh{)År-��}r.��(h<X@��Authentication and authorization are critical services that can not afford geographic delays, especially across continents, in order to allow adequate responsiveness. Users and developers of services should not have to know which authentication service is used (i.e. a load balancing and failover solution from a centralized address (probably the coordinating node address) should be able to access any of the replicated services. Replicas should be located at multiple trusted sites (probably coordinating nodes) that are geographically distributed (incl. across continents)r/��h=jˇ��h>h?h@hhB}r0��(hD]hE]hF]hG]hI]uhKKÊhLhh7]r1��hUX@��Authentication and authorization are critical services that can not afford geographic delays, especially across continents, in order to allow adequate responsiveness. Users and developers of services should not have to know which authentication service is used (i.e. a load balancing and failover solution from a centralized address (probably the coordinating node address) should be able to access any of the replicated services. 
Replicas should be located at multiple trusted sites (probably coordinating nodes) that are geographically distributed (incl. across continents)r2��ÖÅr3��}r4��(h<j/��h=j-��ubaubh{)År5��}r6��(h<X���Fit Criteriar7��h=jˇ��h>h?h@hhB}r8��(hD]hE]hF]hG]hI]uhKKËhLhh7]r9��hUX���Fit Criteriar:��ÖÅr;��}r<��(h<j7��h=j5��ubaubj-��)År=��}r>��(h<U�h=jˇ��h>Nh@j0��hB}r?��(hD]hE]hF]hG]hI]uhKNhLhh7]r@��j3��)ÅrA��}rB��(h<U�hB}rC��(j7��X���*hG]hF]hD]hE]hI]uh=j=��h7]rD��(j9��)ÅrE��}rF��(h<X]���Authentication operations should be less than xxx milliseconds from any point in the network hB}rG��(hD]hE]hF]hG]hI]uh=jA��h7]rH��h{)ÅrI��}rJ��(h<X\���Authentication operations should be less than xxx milliseconds from any point in the networkrK��h=jE��h>h?h@hhB}rL��(hD]hE]hF]hG]hI]uhKKÍh7]rM��hUX\���Authentication operations should be less than xxx milliseconds from any point in the networkrN��ÖÅrO��}rP��(h<jK��h=jI��ubaubah@jF��ubj9��)ÅrQ��}rR��(h<XT���Replicas of authentication and authorization services are geographically replicated hB}rS��(hD]hE]hF]hG]hI]uh=jA��h7]rT��h{)ÅrU��}rV��(h<XS���Replicas of authentication and authorization services are geographically replicatedrW��h=jQ��h>h?h@hhB}rX��(hD]hE]hF]hG]hI]uhKKÏh7]rY��hUXS���Replicas of authentication and authorization services are geographically replicatedrZ��ÖÅr[��}r\��(h<jW��h=jU��ubaubah@jF��ubj9��)År]��}r^��(h<XS���Failover across replicated services is automatic without client-side intervention hB}r_��(hD]hE]hF]hG]hI]uh=jA��h7]r`��h{)Åra��}rb��(h<XQ���Failover across replicated services is automatic without client-side interventionrc��h=j]��h>h?h@hhB}rd��(hD]hE]hF]hG]hI]uhKKÓh7]re��hUXQ���Failover across replicated services is automatic without client-side interventionrf��ÖÅrg��}rh��(h<jc��h=ja��ubaubah@jF��ubeh@jÉ��ubaubeubh9)Åri��}rj��(h<U�h=h:h>h?h@hAhB}rk��(hD]hE]hF]hG]rl��h5ahI]rm��hauhKKÚhLhh7]rn��(hN)Åro��}rp��(h<XG���764: Authentication and access control should be consistently 
availablerq��h=ji��h>h?h@hRhB}rr��(hD]hE]hF]hG]hI]uhKKÚhLhh7]rs��hUXG���764: Authentication and access control should be consistently availablert��ÖÅru��}rv��(h<jq��h=jo��ubaubjÛ��)Årw��}rx��(h<U�h=ji��h>h?h@jˆ��hB}ry��(hD]hE]hF]hG]hI]uhKKÙhLhh7]rz��j˘��)År{��}r|��(h<U�h=jw��h>h?h@j¸��hB}r}��(hD]hE]hF]hG]hI]uhKKÙhLhh7]r~��(jˇ��)År��}rÄ��(h<X���IDrÅ��h=j{��h>h?h@j��hB}rÇ��(hD]hE]hF]hG]hI]uhKK�h7]rÉ��hUX���IDrÑ��ÖÅrÖ��}rÜ��(h<jÅ��h=j��ubaubj ��)Årá��}rà��(h<X$���https://trac.dataone.org/ticket/764 hB}râ��(hD]hE]hF]hG]hI]uh=j{��h7]rä��h{)Årã��}rå��(h<X#���https://trac.dataone.org/ticket/764rç��h=já��h>h?h@hhB}ré��(hD]hE]hF]hG]hI]uhKKÙh7]rè��j��)Årê��}rë��(h<jç��hB}rí��(Urefurijç��hG]hF]hD]hE]hI]uh=jã��h7]rì��hUX#���https://trac.dataone.org/ticket/764rî��ÖÅrï��}rñ��(h<U�h=jê��ubah@j��ubaubah@j��ubeubaubh{)Åró��}rò��(h<X¶���Authentication and authorization are a critical infrastructure bottleneck, and should be consistently available, likely through load balancing and failover solutions.rô��h=ji��h>h?h@hhB}rö��(hD]hE]hF]hG]hI]uhKKˆhLhh7]rõ��hUX¶���Authentication and authorization are a critical infrastructure bottleneck, and should be consistently available, likely through load balancing and failover solutions.rú��ÖÅrù��}rû��(h<jô��h=jó��ubaubh{)Årü��}r†��(h<X���Fit Criteriar°��h=ji��h>h?h@hhB}r¢��(hD]hE]hF]hG]hI]uhKK¯hLhh7]r£��hUX���Fit Criteriar§��ÖÅr•��}r¶��(h<j°��h=jü��ubaubj-��)Årß��}r®��(h<U�h=ji��h>Nh@j0��hB}r©��(hD]hE]hF]hG]hI]uhKNhLhh7]r™��j3��)År´��}r¨��(h<U�hB}r≠��(j7��X���*hG]hF]hD]hE]hI]uh=jß��h7]rÆ��j9��)ÅrØ��}r∞��(h<XB���Authn and Authz should be available xx.xxxxx% (To be determined) hB}r±��(hD]hE]hF]hG]hI]uh=j´��h7]r≤��h{)År≥��}r¥��(h<X@���Authn and Authz should be available xx.xxxxx% (To be determined)rµ��h=jØ��h>h?h@hhB}r∂��(hD]hE]hF]hG]hI]uhKK˙h7]r∑��hUX@���Authn and Authz should be available xx.xxxxx% (To be 
765: Tools can access an API for authn and authz
------------------------------------------------

:ID: https://trac.dataone.org/ticket/765

A standardized API allows us to build interoperable tools, and adapt existing tools to interoperate with the DataNets. All infrastructure components should be able to use these services, including CNs, MNs, and client tools and libraries.

Fit Criteria

  * Demonstrated interoperability of the API across 3 client and member node systems

766: Users should be able to easily assign proxy privileges to other users and to systems acting on their behalf for limited time durations
-------------------------------------------------------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/766

When users need to execute processes asynchronously, they need to be able to grant proxy privileges (e.g., to a workflow or grid system) to operate on their behalf in particular contexts. In addition, at times some users want others to be able to run and access data and operate on their behalf, such as in a faculty-student situation where the student acts as a proxy for the faculty member.

Fit Criteria

767: Users need to be able to express embargo rules for data
------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/767

These embargo rules allow data to be published in the system, but not released until a particular date. By operating this way, users can use the system in their daily management of their data without worrying about losing track of the publication of the data at a later date. It encourages people to start using the system even long before they want to publicly release the data.

Fit Criteria

768: Need default authz policies that resolve problems associated with inaccessible principals
----------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/768

When principals die, retire, change careers, or lose interest in a research area, they may leave in the system data objects that would otherwise be useful to science but have restricted access. The authorization system should have carefully crafted default policies that encourage the public release and sharing of data, the expiration of embargo periods, and the movement of data into the public domain when it is legal and ethical to do so. Principals should be able to override these defaults to create more restrictive policies (e.g., for human subjects data) that will be respected indefinitely, but the defaults should encourage openness and sharing.

Fit Criteria

  * Defaults encourage openness and sharing, without alienating principals through unexpected release of their data, etc.

769: Authorization should support critical roles, such as curators and system administrators
--------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/769

While the principals contributing data should be able to specify access, they frequently struggle with the software systems intended to do so, and at times make mistakes. The system should support certain roles with elevated privileges for groups of objects to allow, e.g., a system administrator or data curator to change objects for which they are not otherwise granted access. For example, all objects that are associated with a particular field station might be managed by the information manager at that field station, and the person filling that role through time might change. Individual principals should be able to determine who has access to objects, both through explicit grants of access and through indirect roles that may be only implicitly defined.

Fit Criteria

  * It's possible for access by some roles to be assigned implicitly through certain membership criteria (e.g., a data object is part of an LTER site)

770: Authorization system should be able to express the pseudo-principal concepts like 'public'
-----------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/770

There should be well-known mechanisms in the authorization system to allow access rules that explicitly grant access to pseudo-principals, including:

  * public: anonymous, non-authenticated users
  * valid-user: authenticated user
  * registered-user: authenticated user with explicit minimal contact information
  * verified-user: authenticated user with explicit minimal contact information that has been verified as belonging to a real account holder

Fit Criteria

771: User identities should have simple string serializations that express both the user identity and namespace from which it is drawn
--------------------------------------------------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/771

When user identities can be drawn from multiple providers, we need to be able to serialize both the id and the provider namespace, for example by encapsulating both in a single distinguished name (DN). Ideally this serialization would be relatively short, persistent, and human understandable, and ideally it should not contain spaces or other characters that make it difficult to utilize in a variety of contexts (such as command line applications).

An example DN that has worked for the KNB network is:

  uid=jones,o=NCEAS,dc=ecoinformatics,dc=org

Fit Criteria

772: Authentication services should be compatible with existing infrastructure and applications
-----------------------------------------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/772

Many applications will need to be adapted to work with the authentication and authorization services provided. Ideally, the services chosen will be compatible with existing systems and support those systems through standard protocols. Applications will commonly need to connect to, for example, web applications using HTTP Basic Authentication for Apache and JAAS for servlet containers like Tomcat. In addition, some applications may want to connect via PAM and similar security mechanisms. Some identity services, such as LDAP, are commonly supported in these scenarios.

Fit Criteria

  * Software in common use at Member Nodes and as clients should be able to easily utilize the authentication and authorization services with minimal configuration

777: Authorization rules should support common permission levels
----------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/777

Several types of access directives are in common use in data packages in the environmental sciences, and the authorization system should support these. The most common authorization levels would include:

  * read: the ability to display or download an object
  * write: the ability to change the content of an object through an update operation (which does not mean it actually changes the object -- it may just create a new version that obsoletes the old)
  * changePermission: the ability to change access control rules on the object

Often, the permission levels are nested, in that higher privilege levels encompass the lower levels as well (e.g., write access to an object implies read access).

See the EML access control module for a detailed explanation of these levels (eml-access module).

In addition to specifying levels of permissions on the individual data objects, the authorization system should allow node administrators to specify what services principals can utilize on their nodes, and any resource constraints that may apply. For example, a Member Node operator may want to specify for their node several rules, such as:

  * user joe can insert or update objects on node 32
  * user jack cannot update objects on node 21
  * user joe has an aggregate storage limit of 1TB (may want to consider soft and hard resource limits)
  * user joe has a network bandwidth transfer limit of 10mb/s

Note that these types of node-level resource limitations may not be implemented currently on most member nodes, but the authorization system should be expressive enough to allow node operators to build in these restrictions.

795: System must support revocation of user permissions
-------------------------------------------------------

:ID: https://trac.dataone.org/ticket/795

The system should be able to revoke any user's permissions and, ultimately, their direct access to the system, if the user is misbehaving within the system.

Although it is unclear as to who assigns permissions, I believe that the final responsibility and authority for access control is the DataONE administrator. As such, permissions and simple access to any part of the DataONE infrastructure, and perhaps member node infrastructure that is accessed through DataONE, should be revokable.

Fit Criteria

* Administrator can change permissions for a user for any object
* Permission changes are propagated through the system within XXX seconds
* Read, write access rules can be altered for a user for all content in the system

820: Common API for authentication and authorization operations
---------------------------------------------------------------

:ID: https://trac.dataone.org/ticket/820

There should be a common API utilized by the major software components of the infrastructure for DataONE (for all DataNet?) for authentication and authorization operations.

Rationale

A common API will help minimize inconsistencies that arise from functional and semantic mismatch when interacting across multiple systems.

Fit Criteria

  * CN, MN, and ITK libraries share a common API for authn and authz
  * Differing component implementations pass integration testing