Use Case 12 - User Authentication
- Goal
- User Authentication - Person or service via client software authenticates
against an identity provider to establish a session token that can
subsequently be used as a proxy for the user.
- Summary
Many operations in the DataONE system require affirmation of user identity
to ensure that appropriate access controls can be asserted and other
services such as citation and notification operate as expected.
The actual identity and authentication framework may exist outside of
DataONE, and the first version of the infrastructure will use the
certificate-based services of the CILogon service.
The user obtains a certificate from the CILogon service, then uses that
certificate to obtain an authentication token that can be used in the
DataONE system. The authentication token is (perhaps) a SAML document that
contains information mapping the user to n identities that may be
recognized by the DataONE participant nodes.
- Actors
- User, Member Node, Coordinating Node, Authentication System
- Preconditions
- User is not authenticated in the system
- Triggers
- A user logs on to the DataONE system.
- A user tries to perform an operation in the DataONE system that requires
authentication.
- Post Conditions
- An auth_token is returned to the user (application) that can be used
for future interactions with the DataONE system.
- In the event of authentication failure, the auth_token will provide
identity equivalent to an anonymous user.
- The authentication operation is recorded in CN logs (depending on where
the authentication attempt was made)
- The auth_token is trusted by participant Member Nodes as a proxy for the
actual user.
Figure 3. Interactions for use case 12.
Notes
- To be a bit more abstract, it might be good to use something like
login(user, credentials) or login(subject) for the method signature. Here
“subject” would be similar to the javax.security.auth.Subject
concept. (PEA)
- Can logins also happen against a MN, which simply proxies the request up
to the CN? (PEA)
- Need to specify a time to live for auth_tokens. Is this part of the
authentication sub-system? If so, can the TTL be altered by the DataONE
system?
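
The post conditions and the TTL note above, sketched as an added example that is not DataONE code: a failed login yields an anonymous-equivalent auth_token, every attempt is logged, and a Member Node treats an expired or altered token as anonymous. Assumptions: an HMAC-signed JSON token stands in for the (perhaps) SAML document, `certificate_ok` stands in for validating the CILogon certificate, and the key, the `public` subject name, the one-hour TTL and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

CN_KEY = b"constructed-demo-key"   # assumption: secret shared by the CN and MNs
ANONYMOUS = "public"               # assumption: name of the anonymous subject
DEFAULT_TTL = 3600                 # assumption: seconds; the use case leaves TTL open
AUTH_LOG = []                      # stands in for the CN log

def _sign(body: bytes) -> str:
    return hmac.new(CN_KEY, body, hashlib.sha256).hexdigest()

def _issue(subject, identities, now, ttl):
    claims = {"sub": subject, "ids": identities, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def login(subject, certificate_ok, identities=(), now=None, ttl=DEFAULT_TTL):
    """Return an auth_token; a failed login yields an anonymous-equivalent token."""
    now = time.time() if now is None else now
    # Record the attempt whether or not it succeeds.
    AUTH_LOG.append({"subject": subject, "success": bool(certificate_ok), "time": now})
    if not certificate_ok:
        # The fallback token never carries the claimed subject or its identities.
        return _issue(ANONYMOUS, [], now, ttl)
    return _issue(subject, list(identities), now, ttl)

def resolve(auth_token, now=None):
    """Member Node side: return (subject, identities); anything invalid is anonymous."""
    now = time.time() if now is None else now
    try:
        body, sig = auth_token.split(".")
        # Constant-time comparison of the signature before trusting any claim.
        if not hmac.compare_digest(sig, _sign(body.encode())):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] <= now:
            raise ValueError("expired")
        return claims["sub"], claims["ids"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return ANONYMOUS, []
```

Passing `now` explicitly makes the TTL behaviour reproducible; in real use both sides would read the clock.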