Access control is an important form of security, enabling selective restriction to a place or resource. In the digital world, access control takes the form of user name and passwords, biometrics, account creation and management and many other mechanisms. These mechanisms usually use a set of credentials that are issued by one organization or system, and are sometimes used by a different organization or system. For example, passports are issued by one country (the issuer), and are used by other countries (the relying parties) to make an access decision about entering.
Often relying parties need to know some information (attributes) about the individual in order to make an access decision. An example of this “Credentialed Access” may be, to gain access to a group’s document, a system might need to know if the individual is a part of the group. Sometimes the information needed to make that decision is available at the relying party. (Example: the system with documents knows all of the members of the group.) Other times this information is available at the issuer. (Example: the document is open to any student, and the issuer knows if the individual is a student or not.)
About the project
ORCID issues credentials that can be used to sign into a system, and also has information (attributes) about the individuals including affiliations, research funding information, and publications written. The combination of these credentials and related attributes makes ORCID a potential provider of “Credentialed Access” services.
In this project, ORCID, in its role as a digital credential issuer, is exploring the feasibility of enabling individuals to use the attributes stored about themselves to help with resource access decisions. Relying parties would request information from individuals, and individuals could fulfill these requests when they sign in based on information stored within ORCID. Relying parties use this information to make decisions about if the individual should gain access resources. These resources are items that are only available to select individuals who may have taken specific training, are active researchers, have a particular affiliation, or whose research is supported by a particular funder.
My role
Starting in late 2018, I have led the exploration of this exploration at the direction of ORCID.
Key accomplishments:
- To better visualize how ORCID may participate in this way, developed specifications of how the system can be adapted and/or extended to provide “Credentialed Access”
- To better understand use cases, participated in working groups in the life sciences to specify global standards for researcher data access “passports” (Global Alliance for Genomic Health - GA4GH)
- Identified and secured partners for pilot projects to more completely understand use cases, and explore the functionality needed to support them.