Page tree
Skip to end of metadata
Go to start of metadata
Title (goal)Consistent authentication and authorization across federated repositories
Primary ActorSystem Administrator
ScopeOrganization black-box

A System Administrator has to maintain a federation of repositories: one for streaming media, another repository for textual objects, and one for large-scale numerical data sets. Each repository runs on dedicated hardware systems with differing architectures. All repositories are utilized by the same group of researchers. Data objects of researchers are often stored in more than one of those repositories. The System Administrator needs to ensure consistent users, roles, and access rights across all repositories. Thus, she requires a single point of administration for user and access management for the distributed repository infrastructure. Any change at this single point of administration should (immediately/near real-time) be reflected in all repositories under her control.


  1. As of 4.0-Alpha-4, authorization requests may contain additional information other than the username; for example, the request could include the security group the user belongs to. These groups could be managed on a central server, so moving a user from one group to another would change their access rights across all repositories in the network.

    This implementation may address the use case, though other implementations are still possible.

    1. Matthias Razum can you review my comments above in the context of this use case?