The basic cross-organizational access management problem

The basic cross-organizational access management problem is exemplified by most licensing agreements for networked information resources today; it also arises in situations where institutions agree to share limited-access resources with other institutions as part of consortia or other resource sharing collaborations. In such an agreement, an institution — a university, a school, a public library, a corporation — defines a user community which has access to some network resource. This community is typically large, numbering perhaps in the tens of thousands of individuals, and membership may be volatile over time, reflecting for example the characteristics of a student body. The operator of the network resource, which may a web site, or a resource reached by other protocols such as Telnet terminal emulation or the Z39.50 information retrieval protocol needs to decide whether users seeking access to the resource are actually members of the user community that the licensee institution defined as part of the license agreement.
Note that the issue here is not how the licensee defines the user community — for example how a university might define students, staff members and faculty (all of the problems about alumni, part time and extension students, adjunct faculty, affiliated medical staff and the like); it is assumed that the institution and the resource operator have reached some satisfactory resolution on this question. Rather, the issue is one of testing or verifying that individuals are really a member of this community according to pre-agreed criteria, of having the institution vouch for or credential the individuals in some way that the resource operator can understand. Such arrangements are often called “site” licenses, but this term is really inaccurate; while physical presence at a specific site may be one criteria for having access, a better term is “group” license or “community” license, emphasizing that the key consideration is membership in some community, and that physical location is often not the key me

Source http://www.cni.org/projects/authentication/authentication-wp.html

Related posts

• Strength of authentication (0)
• Approaches to access management (0)
• Windows Password Security (0)
• Windows authentication in asp.net (0)
• Why Study When You Can Hack? (0)