ORCID and Federated Identity and Access Management

From the ORCID Outreach Meeting, May 21-22, 2014, Chicago, Illinois, USA, https://orcid.org/content/orcid-outreach-meeting-and-codefest-may-2014

ORCID identifiers in access management

Universities and other research organizations have begun utilizing the ORCID identifier to manage access to repositories and research information systems. This session will feature a discussion of integration opportunities, policy and privacy issues, and demonstrations by research organizations.

Moderator: Ed Pentz, Executive Director, CrossRef

Presenters:

Keith Hazelton, Senior IT Architect at the University of Wisconsin-Madison / Chair of Internet2 MACE-Dir working group
Jared Lyle, Director of Curation Services, Inter-university Consortium for Political and Social Research (ICPSR), University of Michigan
Ken Okaya, Product Manager, Rightsholder Services, Copyright Clearance Center
Doug Hahn, Senior Information Technology Manager, Texas A&M University
Elaine Westbrooks, Associate University Librarian for Research, University of Michigan

  • Neither SP nor IdP can dictate the attributes to be passed

    Has to be a meeting of the minds about what information is needed

    1. ORCID and Federated Identity and Access Management
       ORCID Outreach, Chicago, May 21, 2014
       Keith Hazelton, Internet2, Univ. of Wisconsin-Madison
    2. ORCID in Identity Federation Scenarios
       • ORCID iDs can be passed as part of the attribute payload when a user accesses a federated service
       • Raises a question that doesn’t yet have a definitive answer:
       • Are there valid usage scenarios for this possibility?
       • First: What is federated use of ORCID iDs and what value might it have?
    3. Attribute Schema for Federated Access
       • Whenever an organization wants its members to get access to third party digital resources and services
       • In federated scenarios, the organization offers an Identity Provider (IdP) serving its members/users while third party resources and services are represented as Service Providers (SPs)
    4. Federated Flows (diagram labels: Deliver Content, Assert Attributes, Authenticate)
    5. Federated Flows (diagram labels: Deliver Content, Assert Attributes, Authenticate)
       eduPersonOrcid: http://orcid.org/0000-0102-9134-699X
    6. There is now a defined way to do this
    7. Federated exchange of ORCID iDs -- good practice?
       • What is the risk to the SP of accepting the IdP's assertion?
       • Could standardized verification methods at the IdP institution mitigate the risk?
       • How would the SP know if a particular ORCID iD had been verified?
       • Is SP-side verification always the better alternative?
         – Since the user is “present”, ORCID APIs could be leveraged
         – But that adds a computational step to the SP processing
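
As an added example (not from the slides), a minimal SP-side sanity check on asserted eduPersonOrcid values, using the ISO 7064 MOD 11-2 check character that ORCID iDs carry. The attribute-dict shape and the function names are assumptions; a value that passes is only well-formed, not verified as belonging to the user.

```python
import re

# Bare iD or the URI form shown on slide 5.
ORCID_RE = re.compile(
    r"(?:https?://orcid\.org/)?([0-9]{4})-([0-9]{4})-([0-9]{4})-([0-9]{3}[0-9X])"
)

def check_char(first15: str) -> str:
    """ISO 7064 MOD 11-2 check character for the first 15 digits."""
    total = 0
    for d in first15:
        total = (total + int(d)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)

def parse_asserted_orcid(value: str):
    """Return the canonical 0000-0000-0000-0000 form, or None if malformed."""
    m = ORCID_RE.fullmatch(value.strip())
    if m is None:
        return None
    digits = "".join(m.groups())
    if check_char(digits[:15]) != digits[15]:
        return None
    return "-".join(m.groups())

def triage(attrs: dict) -> dict:
    """Sort asserted eduPersonOrcid values (hypothetical SP-side helper).

    'asserted_unverified' means well-formed only: the SP still has to decide
    whether to trust the IdP or confirm the iD with the user present.
    """
    result = {"asserted_unverified": [], "rejected": []}
    for raw in attrs.get("eduPersonOrcid", []):
        orcid = parse_asserted_orcid(raw)
        if orcid is None:
            result["rejected"].append(raw)
        else:
            result["asserted_unverified"].append(orcid)
    return result

# Constructed attribute payload: slide 5's illustrative value, the sample iD
# used in ORCID's documentation, and a value with a non-ORCID host.
SAMPLE = {"eduPersonOrcid": [
    "http://orcid.org/0000-0102-9134-699X",
    "https://orcid.org/0000-0002-1825-0097",
    "http://orcid.example/0000-0002-1825-0097",
]}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Slide 5's illustrative value does not carry a valid check character, so this check rejects it along with the value from the wrong host.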
