I couldn’t live blog Andrew Lyall’s session because it took me a long time to work out what the question was. Basically the ELIXIR project is shifting around huge amounts of sensitive clinical data and has issues with doing that. At the moment a lot of what they do is associated with anonymised data that can be made openly available (as long as they get this right) but they have one core system that does require authentication.
The problem is delegated authorisation. Much of the data used is of such sensitivity that the community has established committees who decide whether you are allowed to get access to a resource or not – Data Access Committees. Within a federated infrastructure, this means the authorisation does not come from an IdP or an SP, but from a third party. A system needs to be put in place that allows this authorisation to be both added and revoked in a trustworthy manner.
This sounds like a typical virtual organisation set-up, but we haven’t seen a lot of adoption of this sort of architecture within the federated landscape. Time for us to revisit these requirements at REFEDS? I think so.
As I mentioned at the beginning, I’m not sure I got these requirements right, so please let me know if I am barking up the wrong tree with this scenario.