VO SAML Attribute Authorities As Centralized Audit Hubs
Time: 10/07/15 02:30PM-02:55PM
Room: Room 26-A
Using a SAML attribute authority (AA) operated by a virtual organization (VO) to decorate and inform assertions from a home organization identity provider for the purposes of supporting fine-grained access control is a well-established deployment pattern. Less explored is the opportunity to leverage the same SAML AA and the collaboration management platform (CMP) that drives it for the purpose of providing a centralized audit hub. Audit trails or change tables are a fundamental requirement of any research or laboratory that follows GxP (Good Laboratory Practices, Good Manufacturing Practices, or Good Clinical Practices). When each application or service provider used within a VO uses its own infrastructure for access control, auditing is complicated and error-prone because of the need to match up and correlate access logs and records across the multiple services. If, however, access is managed using attributes asserted by the VO AA and curated using a CMP with audit and history capabilities, then a centralized and coherent approach to auditing across the VO services is achievable.
We will detail and propose requirements for a CMP and SAML AA deployment pattern that supports GxP centralized auditing in the VO context, and specifically from the perspective of an international VO focused on infectious disease clinical research.
Speaker: Scott Koranda, Spherical Cow Group
Speaker: Christopher Whalen, National Institutes of Health (NIH)
Primary track: Trust and Identity