Äcdocutils.nodes
document
q
)Åq}q(U	nametypesq}q(X���privacy concernsqNX���logging and privacy concernsqNX���implications and issuesqNX���potential designsq	NuUsubstitution_defsq
}qUparse_messagesq]q
Ucurrent_sourceqNU
decorationqNUautofootnote_startqK
Unameidsq}q(hUprivacy-concernsqhUlogging-and-privacy-concernsqhUimplications-and-issuesqh	Upotential-designsquUchildrenq]qcdocutils.nodes
section
q)Åq}q(U	rawsourceqU�UparentqhUsourceqXl���/var/lib/jenkins/jobs/API_Documentation_trunk/workspace/api-documentation/source/notes/LoggingAndPrivacy.txtqUtagnameq Usectionq!U
attributesq"}q#(Udupnamesq$]Uclassesq%]Ubackrefsq&]Uidsq']q(haUnamesq)]q*hauUlineq+KUdocumentq,hh]q-(cdocutils.nodes
title
q.)Åq/}q0(hX���Logging and Privacy concernsq1hhhhh Utitleq2h"}q3(h$]h%]h&]h']h)]uh+Kh,hh]q4cdocutils.nodes
Text
q5X���Logging and Privacy concernsq6ÖÅq7}q8(hh1hh/ubaubcdocutils.nodes
paragraph
q9)Åq:}q;(hXB��Design decisions for DataONE have until now been focused on comprehensive and
universal logging for all operations performed on Member Nodes and Coordinating Nodes.
One rationale for this is that data providers have traditionally been unwilling to
replicate their data for distribution by other parties because they have been unable
to get usage metrics for these data.  The current DataONE design for logging is based
on 5 use cases that generally outline the need to provide log information to data
providers (see :ref:`logging-use-case-synopsis` for summary of Use Cases 16, 17, 18,
19, and 20). Under the current :doc:`../design/LoggingSchema`, all operations are logged,
recording the user's IP address, browser agent, the date and time and type of the
operation, and the user's identity if they have authenticated to the system.hhhhh U	paragraphq<h"}q=(h$]h%]h&]h']h)]uh+Kh,hh]q>(h5X��Design decisions for DataONE have until now been focused on comprehensive and
universal logging for all operations performed on Member Nodes and Coordinating Nodes.
One rationale for this is that data providers have traditionally been unwilling to
replicate their data for distribution by other parties because they have been unable
to get usage metrics for these data.  The current DataONE design for logging is based
on 5 use cases that generally outline the need to provide log information to data
providers (see q?ÖÅq@}qA(hX��Design decisions for DataONE have until now been focused on comprehensive and
universal logging for all operations performed on Member Nodes and Coordinating Nodes.
One rationale for this is that data providers have traditionally been unwilling to
replicate their data for distribution by other parties because they have been unable
to get usage metrics for these data.  The current DataONE design for logging is based
on 5 use cases that generally outline the need to provide log information to data
providers (see hh:ubcsphinx.addnodes
pending_xref
qB)ÅqC}qD(hX ���:ref:`logging-use-case-synopsis`qEhh:hhh Upending_xrefqFh"}qG(UreftypeX���refUrefwarnqHàU	reftargetqIX���logging-use-case-synopsisU	refdomainX���stdqJh']h&]Urefexplicitâh$]h%]h)]UrefdocqKX���notes/LoggingAndPrivacyqLuh+Kh]qMcdocutils.nodes
inline
qN)ÅqO}qP(hhEh"}qQ(h$]h%]qR(UxrefqShJX���std-refqTeh&]h']h)]uhhCh]qUh5X���logging-use-case-synopsisqVÖÅqW}qX(hU�hhOubah UinlineqYubaubh5XE��� for summary of Use Cases 16, 17, 18,
19, and 20). Under the current qZÖÅq[}q\(hXE��� for summary of Use Cases 16, 17, 18,
19, and 20). Under the current hh:ubhB)Åq]}q^(hX���:doc:`../design/LoggingSchema`q_hh:hhh hFh"}q`(UreftypeX���docqahHàhIX���../design/LoggingSchemaU	refdomainU�h']h&]Urefexplicitâh$]h%]h)]hKhLuh+Kh]qbhN)Åqc}qd(hh_h"}qe(h$]h%]qf(hShaeh&]h']h)]uhh]h]qgh5X���../design/LoggingSchemaqhÖÅqi}qj(hU�hhcubah hYubaubh5Xª���, all operations are logged,
recording the user's IP address, browser agent, the date and time and type of the
operation, and the user's identity if they have authenticated to the system.qkÖÅql}qm(hXª���, all operations are logged,
recording the user's IP address, browser agent, the date and time and type of the
operation, and the user's identity if they have authenticated to the system.hh:ubeubh)Åqn}qo(hU�hhhhh h!h"}qp(h$]h%]h&]h']qqhah)]qrhauh+Kh,hh]qs(h.)Åqt}qu(hX���Privacy concernsqvhhnhhh h2h"}qw(h$]h%]h&]h']h)]uh+Kh,hh]qxh5X���Privacy concernsqyÖÅqz}q{(hhvhhtubaubh9)Åq|}q}(hXB��Recently, discussions have pointed out that there are potential privacy concerns for
data users associated with these logging policies, and that DataONE should consider
cases where truly anonymous access to resources may be warranted.  A comparison has
been made to libraries, whereby patron access to resources is not recorded in order to
avoid having to expose these records to third parties. A similar situation may exist
where a data user does not want a data provider or other third parties to know that
they accessed data in DataONE.  Some example scenarios might include:q~hhnhhh h<h"}q(h$]h%]h&]h']h)]uh+Kh,hh]qÄh5XB��Recently, discussions have pointed out that there are potential privacy concerns for
data users associated with these logging policies, and that DataONE should consider
cases where truly anonymous access to resources may be warranted.  A comparison has
been made to libraries, whereby patron access to resources is not recorded in order to
avoid having to expose these records to third parties. A similar situation may exist
where a data user does not want a data provider or other third parties to know that
they accessed data in DataONE.  Some example scenarios might include:qÅÖÅqÇ}qÉ(hh~hh|ubaubcdocutils.nodes
bullet_list
qÑ)ÅqÖ}qÜ(hU�hhnhhh Ubullet_listqáh"}qà(UbulletqâX
���*h']h&]h$]h%]h)]uh+Kh,hh]qä(cdocutils.nodes
list_item
qã)Åqå}qç(hX{���A scientist wants to analyze climate change data, but not have the set be traceable
by regulatory bodies until they publishhhÖhhh U	list_itemqéh"}qè(h$]h%]h&]h']h)]uh+Nh,hh]qêh9)Åqë}qí(hX{���A scientist wants to analyze climate change data, but not have the set be traceable
by regulatory bodies until they publishqìhhåhhh h<h"}qî(h$]h%]h&]h']h)]uh+Kh]qïh5X{���A scientist wants to analyze climate change data, but not have the set be traceable
by regulatory bodies until they publishqñÖÅqó}qò(hhìhhëubaubaubhã)Åqô}qö(hXc���A scientist wants to analyze a set of data, but not have the set be visible to
possible colleagues
hhÖhhh héh"}qõ(h$]h%]h&]h']h)]uh+Nh,hh]qúh9)Åqù}qû(hXb���A scientist wants to analyze a set of data, but not have the set be visible to
possible colleaguesqühhôhhh h<h"}q†(h$]h%]h&]h']h)]uh+Kh]q°h5Xb���A scientist wants to analyze a set of data, but not have the set be visible to
possible colleaguesq¢ÖÅq£}q§(hhühhùubaubaubeubh9)Åq•}q¶(hXG���There may be more compelling scenarios than these for privacy concerns.qßhhnhhh h<h"}q®(h$]h%]h&]h']h)]uh+Kh,hh]q©h5XG���There may be more compelling scenarios than these for privacy concerns.q™ÖÅq´}q¨(hhßhh•ubaubeubh)Åq≠}qÆ(hU�hhhhh h!h"}qØ(h$]h%]h&]h']q∞hah)]q±h	auh+K!h,hh]q≤(h.)Åq≥}q¥(hX���Potential designsqµhh≠hhh h2h"}q∂(h$]h%]h&]h']h)]uh+K!h,hh]q∑h5X���Potential designsq∏ÖÅqπ}q∫(hhµhh≥ubaubhÑ)Åqª}qº(hU�hh≠hhh háh"}qΩ(hâX
���*h']h&]h$]h%]h)]uh+K"h,hh]qæ(hã)Åqø}q¿(hXfi���All Events Logged and users identified
  - All MNs must implement logging, must provide user
    identity in those logs if the user has been authenticated, and must provide
    those logs to the CN log aggregation service.hhªhNh héh"}q¡(h$]h%]h&]h']h)]uh+Nh,hh]q¬cdocutils.nodes
definition_list
q√)Åqƒ}q≈(hU�h"}q∆(h$]h%]h&]h']h)]uhhøh]q«cdocutils.nodes
definition_list_item
q»)Åq…}q (hXÿ���All Events Logged and users identified
- All MNs must implement logging, must provide user
  identity in those logs if the user has been authenticated, and must provide
  those logs to the CN log aggregation service.hhƒhhh Udefinition_list_itemqÀh"}qÃ(h$]h%]h&]h']h)]uh+K$h]qÕ(cdocutils.nodes
term
qŒ)Åqœ}q–(hX&���All Events Logged and users identifiedq—hh…hhh Utermq“h"}q”(h$]h%]h&]h']h)]uh+K$h]q‘h5X&���All Events Logged and users identifiedq’ÖÅq÷}q◊(hh—hhœubaubcdocutils.nodes
definition
qÿ)ÅqŸ}q⁄(hU�h"}q€(h$]h%]h&]h']h)]uhh…h]q‹hÑ)Åq›}qfi(hU�h"}qfl(hâX
���-h']h&]h$]h%]h)]uhhŸh]q‡hã)Åq·}q‚(hX´���All MNs must implement logging, must provide user
identity in those logs if the user has been authenticated, and must provide
those logs to the CN log aggregation service.h"}q„(h$]h%]h&]h']h)]uhh›h]q‰h9)ÅqÂ}qÊ(hX´���All MNs must implement logging, must provide user
identity in those logs if the user has been authenticated, and must provide
those logs to the CN log aggregation service.qÁhh·hhh h<h"}qË(h$]h%]h&]h']h)]uh+K#h]qÈh5X´���All MNs must implement logging, must provide user
identity in those logs if the user has been authenticated, and must provide
those logs to the CN log aggregation service.qÍÖÅqÎ}qÏ(hhÁhhÂubaubah héubah háubah U
definitionqÌubeubah Udefinition_listqÓubaubhã)ÅqÔ}q(hXÁ
��Data Providers can require user identity
  - Currently, DataONE access control directives (see
    :doc:`../design/Authorization`) would allow a data provider to specify
    that objects are only accessible to 'AuthenticatedUser's, which means that their
    username, other identifying information, and their IP number are available.
    Currently we do not have a specification about what this identifying information
    would be, but a reasonable minimal set would be Name and Email.hhªhNh héh"}qÒ(h$]h%]h&]h']h)]uh+Nh,hh]qÚh√)ÅqÛ}qÙ(hU�h"}qı(h$]h%]h&]h']h)]uhhÔh]qˆh»)Åq˜}q¯(hX€
��Data Providers can require user identity
- Currently, DataONE access control directives (see
  :doc:`../design/Authorization`) would allow a data provider to specify
  that objects are only accessible to 'AuthenticatedUser's, which means that their
  username, other identifying information, and their IP number are available.
  Currently we do not have a specification about what this identifying information
  would be, but a reasonable minimal set would be Name and Email.hhÛhhh hÀh"}q˘(h$]h%]h&]h']h)]uh+K+h]q˙(hŒ)Åq˚}q¸(hX(���Data Providers can require user identityq˝hh˜hhh h“h"}q˛(h$]h%]h&]h']h)]uh+K+h]qˇh5X(���Data Providers can require user identityr�
��ÖÅr

��}r
��(hh˝hh˚ubaubhÿ)År
��}r
��(hU�h"}r
��(h$]h%]h&]h']h)]uhh˜h]r
��hÑ)År
��}r
��(hU�h"}r	
��(hâX
���-h']h&]h$]h%]h)]uhj
��h]r

��hã)År
��}r
��(hX¶
��Currently, DataONE access control directives (see
:doc:`../design/Authorization`) would allow a data provider to specify
that objects are only accessible to 'AuthenticatedUser's, which means that their
username, other identifying information, and their IP number are available.
Currently we do not have a specification about what this identifying information
would be, but a reasonable minimal set would be Name and Email.h"}r

��(h$]h%]h&]h']h)]uhj
��h]r
��h9)År
��}r
��(hX¶
��Currently, DataONE access control directives (see
:doc:`../design/Authorization`) would allow a data provider to specify
that objects are only accessible to 'AuthenticatedUser's, which means that their
username, other identifying information, and their IP number are available.
Currently we do not have a specification about what this identifying information
would be, but a reasonable minimal set would be Name and Email.hj
��hhh h<h"}r
��(h$]h%]h&]h']h)]uh+K'h]r
��(h5X2���Currently, DataONE access control directives (see
r
��ÖÅr
��}r
��(hX2���Currently, DataONE access control directives (see
hj
��ubhB)År
��}r
��(hX���:doc:`../design/Authorization`r
��hj
��hhh hFh"}r
��(UreftypeX���docr
��hHàhIX���../design/AuthorizationU	refdomainU�h']h&]Urefexplicitâh$]h%]h)]hKhLuh+K'h]r
��hN)År
��}r
��(hj
��h"}r
��(h$]h%]r
��(hSj
��eh&]h']h)]uhj
��h]r 
��h5X���../design/Authorizationr!
��ÖÅr"
��}r#
��(hU�hj
��ubah hYubaubh5XV
��) would allow a data provider to specify
that objects are only accessible to 'AuthenticatedUser's, which means that their
username, other identifying information, and their IP number are available.
Currently we do not have a specification about what this identifying information
would be, but a reasonable minimal set would be Name and Email.r$
��ÖÅr%
��}r&
��(hXV
��) would allow a data provider to specify
that objects are only accessible to 'AuthenticatedUser's, which means that their
username, other identifying information, and their IP number are available.
Currently we do not have a specification about what this identifying information
would be, but a reasonable minimal set would be Name and Email.hj
��ubeubah héubah háubah hÌubeubah hÓubaubhã)År'
��}r(
��(hXK��Data Consumers can request anonymity
  - Under this scenario, data consumers would not authenticate against DataONE, and
    thus their identifying information would not be logged at MN or CN.  However,
    under the current specification, their IP number would still be recorded, which
    may be sufficient to identify the user.  The specification could be modified to
    eliminate the collection of IP numbers for the non-authenticated users, but this
    would significantly comprimise our ability to analyze anonymous download
    statistics (e.g., geographic breakdown, differentiating web-crawler accesses
    versus user accesses, etc.). An alternative would be to create a mechanism to
    differentiate typical non-authenticated access (where IP numbers are recorded)
    from 'anonymous' access (where IP numbers are not recorded).hhªhNh héh"}r)
��(h$]h%]h&]h']h)]uh+Nh,hh]r*
��h√)År+
��}r,
��(hU�h"}r-
��(h$]h%]h&]h']h)]uhj'
��h]r.
��h»)År/
��}r0
��(hX7��Data Consumers can request anonymity
- Under this scenario, data consumers would not authenticate against DataONE, and
  thus their identifying information would not be logged at MN or CN.  However,
  under the current specification, their IP number would still be recorded, which
  may be sufficient to identify the user.  The specification could be modified to
  eliminate the collection of IP numbers for the non-authenticated users, but this
  would significantly comprimise our ability to analyze anonymous download
  statistics (e.g., geographic breakdown, differentiating web-crawler accesses
  versus user accesses, etc.). An alternative would be to create a mechanism to
  differentiate typical non-authenticated access (where IP numbers are recorded)
  from 'anonymous' access (where IP numbers are not recorded).hj+
��hhh hÀh"}r1
��(h$]h%]h&]h']h)]uh+K6h]r2
��(hŒ)År3
��}r4
��(hX$���Data Consumers can request anonymityr5
��hj/
��hhh h“h"}r6
��(h$]h%]h&]h']h)]uh+K6h]r7
��h5X$���Data Consumers can request anonymityr8
��ÖÅr9
��}r:
��(hj5
��hj3
��ubaubhÿ)År;
��}r<
��(hU�h"}r=
��(h$]h%]h&]h']h)]uhj/
��h]r>
��hÑ)År?
��}r@
��(hU�h"}rA
��(hâX
���-h']h&]h$]h%]h)]uhj;
��h]rB
��hã)ÅrC
��}rD
��(hX˛��Under this scenario, data consumers would not authenticate against DataONE, and
thus their identifying information would not be logged at MN or CN.  However,
under the current specification, their IP number would still be recorded, which
may be sufficient to identify the user.  The specification could be modified to
eliminate the collection of IP numbers for the non-authenticated users, but this
would significantly comprimise our ability to analyze anonymous download
statistics (e.g., geographic breakdown, differentiating web-crawler accesses
versus user accesses, etc.). An alternative would be to create a mechanism to
differentiate typical non-authenticated access (where IP numbers are recorded)
from 'anonymous' access (where IP numbers are not recorded).h"}rE
��(h$]h%]h&]h']h)]uhj?
��h]rF
��h9)ÅrG
��}rH
��(hX˛��Under this scenario, data consumers would not authenticate against DataONE, and
thus their identifying information would not be logged at MN or CN.  However,
under the current specification, their IP number would still be recorded, which
may be sufficient to identify the user.  The specification could be modified to
eliminate the collection of IP numbers for the non-authenticated users, but this
would significantly comprimise our ability to analyze anonymous download
statistics (e.g., geographic breakdown, differentiating web-crawler accesses
versus user accesses, etc.). An alternative would be to create a mechanism to
differentiate typical non-authenticated access (where IP numbers are recorded)
from 'anonymous' access (where IP numbers are not recorded).rI
��hjC
��hhh h<h"}rJ
��(h$]h%]h&]h']h)]uh+K.h]rK
��h5X˛��Under this scenario, data consumers would not authenticate against DataONE, and
thus their identifying information would not be logged at MN or CN.  However,
under the current specification, their IP number would still be recorded, which
may be sufficient to identify the user.  The specification could be modified to
eliminate the collection of IP numbers for the non-authenticated users, but this
would significantly comprimise our ability to analyze anonymous download
statistics (e.g., geographic breakdown, differentiating web-crawler accesses
versus user accesses, etc.). An alternative would be to create a mechanism to
differentiate typical non-authenticated access (where IP numbers are recorded)
from 'anonymous' access (where IP numbers are not recorded).rL
��ÖÅrM
��}rN
��(hjI
��hjG
��ubaubah héubah háubah hÌubeubah hÓubaubhã)ÅrO
��}rP
��(hXk
��Both require identity and request anonymity
  - A combination of the last two scenarios, where data providers can demand
    identity through authentication, and consumers can insist upon anonymity.  In
    this case, any data objects that would otherwise be available to the user but
    require identity logging would be omitted from access by anonymous users.
hhªhNh héh"}rQ
��(h$]h%]h&]h']h)]uh+Nh,hh]rR
��h√)ÅrS
��}rT
��(hU�h"}rU
��(h$]h%]h&]h']h)]uhjO
��h]rV
��h»)ÅrW
��}rX
��(hXc
��Both require identity and request anonymity
- A combination of the last two scenarios, where data providers can demand
  identity through authentication, and consumers can insist upon anonymity.  In
  this case, any data objects that would otherwise be available to the user but
  require identity logging would be omitted from access by anonymous users.
hjS
��hhh hÀh"}rY
��(h$]h%]h&]h']h)]uh+K<h]rZ
��(hŒ)År[
��}r\
��(hX+���Both require identity and request anonymityr]
��hjW
��hhh h“h"}r^
��(h$]h%]h&]h']h)]uh+K<h]r_
��h5X+���Both require identity and request anonymityr`
��ÖÅra
��}rb
��(hj]
��hj[
��ubaubhÿ)Årc
��}rd
��(hU�h"}re
��(h$]h%]h&]h']h)]uhjW
��h]rf
��hÑ)Årg
��}rh
��(hU�h"}ri
��(hâX
���-h']h&]h$]h%]h)]uhjc
��h]rj
��hã)Årk
��}rl
��(hX/
��A combination of the last two scenarios, where data providers can demand
identity through authentication, and consumers can insist upon anonymity.  In
this case, any data objects that would otherwise be available to the user but
require identity logging would be omitted from access by anonymous users.
h"}rm
��(h$]h%]h&]h']h)]uhjg
��h]rn
��h9)Åro
��}rp
��(hX.
��A combination of the last two scenarios, where data providers can demand
identity through authentication, and consumers can insist upon anonymity.  In
this case, any data objects that would otherwise be available to the user but
require identity logging would be omitted from access by anonymous users.rq
��hjk
��hhh h<h"}rr
��(h$]h%]h&]h']h)]uh+K9h]rs
��h5X.
��A combination of the last two scenarios, where data providers can demand
identity through authentication, and consumers can insist upon anonymity.  In
this case, any data objects that would otherwise be available to the user but
require identity logging would be omitted from access by anonymous users.rt
��ÖÅru
��}rv
��(hjq
��hjo
��ubaubah héubah háubah hÌubeubah hÓubaubeubeubh)Årw
��}rx
��(hU�hhhhh h!h"}ry
��(h$]h%]h&]h']rz
��hah)]r{
��hauh+K?h,hh]r|
��(h.)År}
��}r~
��(hX���Implications and Issuesr
��hjw
��hhh h2h"}rÄ
��(h$]h%]h&]h']h)]uh+K?h,hh]rÅ
��h5X���Implications and IssuesrÇ
��ÖÅrÉ
��}rÑ
��(hj
��hj}
��ubaubhÑ)ÅrÖ
��}rÜ
��(hU�hjw
��hhh háh"}rá
��(hâX
���*h']h&]h$]h%]h)]uh+K@h,hh]rà
��(hã)Årâ
��}rä
��(hX���The addition of truly anonymous access complicates the design and implementation of
the APIs, and it makes implementation of the APIs considerably more burdensome for
MNs. This may reduce the number of participating member nodes.hjÖ
��hhh héh"}rã
��(h$]h%]h&]h']h)]uh+Nh,hh]rå
��h9)Årç
��}ré
��(hX���The addition of truly anonymous access complicates the design and implementation of
the APIs, and it makes implementation of the APIs considerably more burdensome for
MNs. This may reduce the number of participating member nodes.rè
��hjâ
��hhh h<h"}rê
��(h$]h%]h&]h']h)]uh+K@h]rë
��h5X���The addition of truly anonymous access complicates the design and implementation of
the APIs, and it makes implementation of the APIs considerably more burdensome for
MNs. This may reduce the number of participating member nodes.rí
��ÖÅrì
��}rî
��(hjè
��hjç
��ubaubaubhã)Årï
��}rñ
��(hXO
��The addition of anonymous access may deter MNs from joining DataONE if they can not
get usage tracking statistics for their data.  Experience with the KNB has indicated
that one of the main reasons that contributors only choose to share metadata and not
data is that they want to be able to guarantee uage reporting data for their datahjÖ
��hhh héh"}ró
��(h$]h%]h&]h']h)]uh+Nh,hh]rò
��h9)Årô
��}rö
��(hXO
��The addition of anonymous access may deter MNs from joining DataONE if they can not
get usage tracking statistics for their data.  Experience with the KNB has indicated
that one of the main reasons that contributors only choose to share metadata and not
data is that they want to be able to guarantee uage reporting data for their datarõ
��hjï
��hhh h<h"}rú
��(h$]h%]h&]h']h)]uh+KCh]rù
��h5XO
��The addition of anonymous access may deter MNs from joining DataONE if they can not
get usage tracking statistics for their data.  Experience with the KNB has indicated
that one of the main reasons that contributors only choose to share metadata and not
data is that they want to be able to guarantee uage reporting data for their datarû
��ÖÅrü
��}r†
��(hjõ
��hjô
��ubaubaubhã)År°
��}r¢
��(hX‡���We need to resolve whether our current concept of 'Public' access to data (see
:doc:`../design/Authorization`), which allows non-authenticated access, also implies that the
IP number of the requesting client not be recorded.hjÖ
��hhh héh"}r£
��(h$]h%]h&]h']h)]uh+Nh,hh]r§
��h9)År•
��}r¶
��(hX‡���We need to resolve whether our current concept of 'Public' access to data (see
:doc:`../design/Authorization`), which allows non-authenticated access, also implies that the
IP number of the requesting client not be recorded.hj°
��hhh h<h"}rß
��(h$]h%]h&]h']h)]uh+KGh]r®
��(h5XO���We need to resolve whether our current concept of 'Public' access to data (see
r©
��ÖÅr™
��}r´
��(hXO���We need to resolve whether our current concept of 'Public' access to data (see
hj•
��ubhB)År¨
��}r≠
��(hX���:doc:`../design/Authorization`rÆ
��hj•
��hhh hFh"}rØ
��(UreftypeX���docr∞
��hHàhIX���../design/AuthorizationU	refdomainU�h']h&]Urefexplicitâh$]h%]h)]hKhLuh+KGh]r±
��hN)År≤
��}r≥
��(hjÆ
��h"}r¥
��(h$]h%]rµ
��(hSj∞
��eh&]h']h)]uhj¨
��h]r∂
��h5X���../design/Authorizationr∑
��ÖÅr∏
��}rπ
��(hU�hj≤
��ubah hYubaubh5Xs���), which allows non-authenticated access, also implies that the
IP number of the requesting client not be recorded.r∫
��ÖÅrª
��}rº
��(hXs���), which allows non-authenticated access, also implies that the
IP number of the requesting client not be recorded.hj•
��ubeubaubhã)ÅrΩ
��}ræ
��(hXK
��What level of user identification and logging will NSF require from DataONE and other DataNet
partners?  For many data projects, there is often some level of requirement for identification
of the kinds of users and where they come from (particularly to the limited extent that this
can be inferred from data such as IP addresses).
hjÖ
��hhh héh"}rø
��(h$]h%]h&]h']h)]uh+Nh,hh]r¿
��h9)År¡
��}r¬
��(hXJ
��What level of user identification and logging will NSF require from DataONE and other DataNet
partners?  For many data projects, there is often some level of requirement for identification
of the kinds of users and where they come from (particularly to the limited extent that this
can be inferred from data such as IP addresses).r√
��hjΩ
��hhh h<h"}rƒ
��(h$]h%]h&]h']h)]uh+KJh]r≈
��h5XJ
��What level of user identification and logging will NSF require from DataONE and other DataNet
partners?  For many data projects, there is often some level of requirement for identification
of the kinds of users and where they come from (particularly to the limited extent that this
can be inferred from data such as IP addresses).r∆
��ÖÅr«
��}r»
��(hj√
��hj¡
��ubaubaubeubeubeubahU�Utransformerr…
��NU
footnote_refsr 
��}r��UrefnamesrÃ
��}rÕ
��Usymbol_footnotesrŒ
��]rœ
��Uautofootnote_refsr–
��]r—
��Usymbol_footnote_refsr“
��]r”
��U	citationsr‘
��]r’
��h,hUcurrent_liner÷
��NUtransform_messagesr◊
��]rÿ
��UreporterrŸ
��NUid_startr⁄
��K
U
autofootnotesr€
��]r‹
��U
citation_refsr›
��}rfi
��Uindirect_targetsrfl
��]r‡
��Usettingsr·
��(cdocutils.frontend
Values
r‚
��or„
��}r‰
��(Ufootnote_backlinksrÂ
��K
Urecord_dependenciesrÊ
��NUrfc_base_urlrÁ
��Uhttps://tools.ietf.org/html/rË
��U	tracebackrÈ
��àUpep_referencesrÍ
��NUstrip_commentsrÎ
��NU
toc_backlinksrÏ
��UentryrÌ
��U
language_coderÓ
��UenrÔ
��U	datestampr
��NUreport_levelrÒ
��KU_destinationrÚ
��NU
halt_levelrÛ
��KU
strip_classesrÙ
��Nh2NUerror_encoding_error_handlerrı
��Ubackslashreplacerˆ
��Udebugr˜
��NUembed_stylesheetr¯
��âUoutput_encoding_error_handlerr˘
��Ustrictr˙
��U
sectnum_xformr˚
��K
Udump_transformsr¸
��NU
docinfo_xformr˝
��K
Uwarning_streamr˛
��NUpep_file_url_templaterˇ
��Upep-%04dr���Uexit_status_levelr
��KUconfigr��NUstrict_visitorr��NUcloak_email_addressesr��àUtrim_footnote_reference_spacer��âUenvr��NUdump_pseudo_xmlr��NUexpose_internalsr��NUsectsubtitle_xformr	��âUsource_linkr
��NUrfc_referencesr��NUoutput_encodingr��Uutf-8r
��U
source_urlr��NUinput_encodingr��U	utf-8-sigr��U_disable_configr��NU	id_prefixr��U�U	tab_widthr��KUerror_encodingr��UUTF-8r��U_sourcer��hUgettext_compactr��àU	generatorr��NUdump_internalsr��NUsmart_quotesr��âUpep_base_urlr��U https://www.python.org/dev/peps/r��Usyntax_highlightr��Ulongr��Uinput_encoding_error_handlerr��j˙
��Uauto_id_prefixr ��Uidr!��Udoctitle_xformr"��âUstrip_elements_with_classesr#��NU
_config_filesr$��]Ufile_insertion_enabledr%��àUraw_enabledr&��K
U
dump_settingsr'��NubUsymbol_footnote_startr(��K�Uidsr)��}r*��(hh≠hhnhjw
��hhuUsubstitution_namesr+��}r,��h h,h"}r-��(h$]h']h&]Usourcehh%]h)]uU	footnotesr.��]r/��Urefidsr0��}r1��ub.