wiki:TI12_Security/NDG/UseCases/DataProviderAddResourceAccessControl

Version 1 (modified by pjkersha, 12 years ago)

Data Provider adds NDG Security Access Control to a new Resource

Description

A data provider systems administrator or PI for some dataset wishes to make the data available but with restricted access based on the NDG security framework.

Actors

  • Data Provider
  • Data Provider systems administrator
  • Data set to be served
  • Gatekeeper WS
  • Attribute Authority WS
  • Data Provider roles
  • Data Provider Role Mapping

Assumptions

The Data Provider has the NDG security infrastructure deployed. See Data Provider Deploys NDG Security.

Triggers

Data Provider wishes to serve a data set under restricted access.

Outcome

Data is available under restricted access.

Normal Course

  1. Identify the role or roles to control access to the resource.
  2. Configure a Gatekeeper WS to control access to the resource. What access rights do the role or roles correspond to: read-only, write, administrator?
  3. Update the user-roles interface. This would typically be a data provider user database. Add the role to the list of roles that the data provider supports. Assign the role or roles to the required users.
  4. Decide whether to share access to this data with users from other data providers. If so, liaise with those data providers to determine which role mappings to include. If necessary, trusted data providers may need to create their own new roles to support this mapping.
  5. Ensure other NDG services which use security are configured correctly to allow for the new data set.
  6. Design and implement any additional software interfaces required, e.g. CGI scripts for a web interface.
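
Steps 1 to 4 of the normal course, modelled as an added example (not code or configuration from NDG Security): a gatekeeper maps local roles to access rights, and users from another provider gain a local role only through an agreed role mapping. The class layout, the role, user and provider names, and the choice to hold the role mapping alongside the user-role database are assumptions made for illustration.

```python
# Hypothetical model of the steps above; all names and data are constructed,
# not taken from NDG Security's code or configuration.
from dataclasses import dataclass, field

RIGHTS = ("read-only", "write", "administrator")

@dataclass
class Gatekeeper:
    """Guards one resource: maps local roles to access rights (step 2)."""
    resource: str
    role_rights: dict  # local role -> set of rights

    def rights_for(self, roles):
        granted = set()
        for role in roles:
            granted |= self.role_rights.get(role, set())  # unknown role grants nothing
        return granted

@dataclass
class AttributeAuthority:
    """Holds user-role assignments (step 3) and agreed role mappings (step 4)."""
    name: str
    user_roles: dict  # local user -> set of local roles
    role_map: dict = field(default_factory=dict)  # (provider, remote role) -> local role

    def local_roles(self, user, home, home_roles=()):
        if home == self.name:
            return set(self.user_roles.get(user, set()))
        # External user: only roles listed in the agreed mapping carry over.
        return {self.role_map[(home, r)] for r in home_roles if (home, r) in self.role_map}

def authorise(gk, aa, user, home, right, home_roles=()):
    """Deny by default: the right must come from a role the user holds or is mapped to."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    return right in gk.rights_for(aa.local_roles(user, home, home_roles))

# Constructed sample: "ProviderA" serves a new data set guarded by two new roles
# and accepts the "researcher" role from trusted "ProviderB" as read-only access.
AA = AttributeAuthority(
    name="ProviderA",
    user_roles={"alice": {"datasetX-admin"}, "bob": {"datasetX-user"}},
    role_map={("ProviderB", "researcher"): "datasetX-user"},
)
GK = Gatekeeper(
    resource="datasetX",
    role_rights={"datasetX-user": {"read-only"},
                 "datasetX-admin": {"read-only", "write", "administrator"}},
)
```

A call such as authorise(GK, AA, "carol", "ProviderB", "read-only", home_roles=("researcher",)) succeeds only because of the mapping entry; the same user presenting an unmapped role, or coming from a provider with no mapping, is refused.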