MIWP-3: Guidelines and best practices for access control
|Status:||Under elaboration||Start date:||01 Jan 2014|
|Assignee:||Michael Lutz||% Done:|
According to the INSPIRE Directive data providers may limit access to services for a number of reasons. However, there has been no attempt to harmonise how access control and rights management are implemented, leading to a plethora of approaches across Europe. Data providers need to manage access for a number of reasons, and in some instances need to make a charge too. In these latter cases, the Directive stipulates that they must to use e-commerce. Again, there is no attempt to harmonise how this is done. The result is that access to INSPIRE services is not interoperable, thus reducing the value of the data and services. This is also an issue for the INSPIRE geoportal, since several view and download services described in the metadata harvested by the INSPIRE geoportal from the national discovery services are not accessible and thus makes it impossible for users to access these services through the INSPIRE geoportal. Furthermore, the current usage of a free text field for conditions applying to access and use in the INSPIRE metadata does not allow for automatic analysis and filtering.
Proposed change or action:
Develop guidelines and best practices for addressing these issues in a more harmonized way.
- The ARE3NA ISA action is launching a study on AAA (authentication, authorisation and accounting), which will
- review the state of the art in relevant technologies, standards and best practices for AAA/access control,
- organize an interim workshop to discuss potential AAA/access control solutions with stakeholders, and
- implement a testbed to examine potential AAA/access control solutions in practice.
- The MIG can interact with / contribute to this study by providing input and participating in the workshop and/or testbed.
- In parallel, the MIG should conduct a survey/document the currently used approaches for AAA/access control in the MS
- Overview of the currently used approaches for AAA/access control in the MS
- Guidelines and best practices for AAA/access control in INSPIRE
- AAA testbed
#2 Updated by Michael Lutz about 6 years ago
- Description updated (diff)
- Start date changed from 10 Mar 2014 to 01 Jan 2014
- % Done changed from 0 to 60
- The ARE3NA AAA study is progressing well (see AAA wiki)
- A workshop was organised during the initial phase of the project (on 17-18 April 2014), involving also several AAA experts nominated by the MIG
- The following final deliverable of the study are now available for review by the MIG and interested INSPIRE stakeholders until 24 September 2014: D1.1.1 & D1.2.1 Authentication, Authorization and Accounting for Data and Services in EU Public Administrations: Analysing standards and technologies for AAA
- A testbed for an access federation has been set up between the project partners
- The project is expected to be completed in autumn 2014. The final deliverables will be made available for review by the MIG and interested INSPIRE experts.