Security Attribute Aggregation Models for E-research Collaborations

Supporting distributed, research collaborations is a fundamental demand of e-Research infrastructures (e-Infrastructures). To be successful, e-Infrastructures must address the needs of all parties involved including end user researchers and associated stakeholders, e.g. organizations that make resources available. These needs often translate into ensuring the security and integrity of systems and data sets used for research purposes. Whilst a cornerstone of e-Research has been to support single sign-on, i.e. where users are not required to provide multiple username/passwords, the reality is that most single sign-on solutions have been based around authentication-oriented only models based on public key infrastructures. For many researchers and organizations, finer-grained access control (authorization) is essential. Such authorization solutions typically depend on delivery of security attributes that determine the privileges of individuals that can subsequently be used to determine their access requests to organizational resources. In this paper we identify attribute delivery patterns that support different authorization-oriented collaborative models. These patterns are currently being explored within the context of the Australian Urban Research Infrastructure Network (AURIN -- www.aurin.org.au).