Authorisation/Group Management for E-Infrastructures

A distinctive feature of e-infrastructures is that most individuals’ authorisation to access a particular service does not come from their home organisation (as it does for site-licensed journals, for example) nor from the operator of the service (as in traditional, non-federated, access).

Instead, authorisation is largely devolved by service owners to individuals who act as ‘group leader’ or ‘principal investigator’ when deciding who else can share their access to a particular service, dataset or experiment. Often the group and its resources may form a virtual organisation, crossing the boundaries of the real-world organisations that employ individuals and operate services. The interface through which leaders create and manage their groups is therefore a key component, effectively defining the membership of and roles within the virtual organisation. This involves interactions with human users as well as networked systems providing both authentication and research services.

This paper considers the various functions and interfaces that might be required of a general group management platform and how they are provided in current e-infrastructures. Most UK and international e-infrastructures currently use dedicated group management platforms, bound to particular infrastructures or user communities, which implement the particular functions and interfaces required by those communities. However, future crossinfrastructure and cross-community research is likely to require group management platforms to inter-operate and provide a wider range of functions. The paper suggests ways that these developments towards a more general service might be facilitated, either by enhancements to individual platforms or, where they require corresponding changes to a number of different infrastructure components, by studies, pilots or recommendations towards a common development roadmap.