Identity Management and Access Control for the GNSS Community within a European Research Infrastructure

Abstract

Identity and access management systems aim to simplify authentication and authorization, however they do not solve all the problems that an application have related to issues such as the aggregation of user identities and token management and usage for user applications. This article describes the authentication and authorization problems related to service orientated architectures that are built on web services and in particular how systems may aggregate identities, often for statistical usage purposes, and how they manage tokens for web services built for open system using proxy servers and how systems should handle user applications that need to manage identity tokens. We discuss the difficulties and implementation solution adopted for the Global Navigation Satellite System Community within the European Plate Observing System research infrastructure project. In particular the paper discusses the thematic core service users using multiple identities and accessing services using both web portals and command line interfaces that are built on accessing RESTful web services.