2015 Technology Exchange

VO SAML Attribute Authorities As Centralized Audit Hubs

Time: 10/07/15 02:30PM-02:55PM

Room: Room 26-A

Session Abstract

Using a SAML attribute authority (AA) operated by a virtual organization (VO) to decorate and inform assertions from a home organization identity provider for the purposes of supporting fine-grained access control is a well-established deployment pattern. Less explored is the opportunity to leverage the same SAML AA and the collaboration management platform (CMP) that drives it for the purpose of providing a centralized audit hub. Audit trails or change tables are a fundamental requirement of any research or laboratory that follows GxP (Good Laboratory Practices, Good Manufacturing Practices, or Good Clinical Practices). When each application or service provider used within a VO uses its own infrastructure for access control, auditing is complicated and error-prone because of the need to match up and correlate access logs and records across the multiple services. If, however, access is managed using attributes asserted by the VO AA and curated using a CMP with audit and history capabilities, then a centralized and coherent approach to auditing across the VO services is achievable.

We will detail and propose requirements for a CMP and SAML AA deployment pattern that supports GxP centralized auditing in the VO context, and specifically from the perspective of an international VO focused on infectious disease clinical research.


Speaker: Scott Koranda, Spherical Cow Group

Speaker: Christopher Whalen, National Institutes of Health (NIH)

Primary track: Trust and Identity

Secondary tracks: Research CAMP 201
