Common use of Authentication and Authorization Clause in Contracts

Authentication and Authorization. Users may be asked to log in to access ESAP itself, or to use some or all of the services mediated by a given ESAP instance. 1This configuration is instance‐specific: for example, a central EOSC installation of ESAP might provide access to a wide range of services, spanning the entire EOSC, while an institutional or project‐level system may only be configured with information about local resources. End User National Data Centre Grid Systems HPC Facility Jupyter Notebook Service ESAP Source Lists Bulk Data Archive isualization T Research Infrastructure Virtual Observatory Catalog def{>} Software Service $ SW / HW Selection Service REST API REST API REST API REST API REST API REST API ! AAI Service User Interface REST API PID Service REST API % Storage Service REST API REST API REST API REST API REST API * Managed Database Service ) Workflow Service ( ▇▇▇ Service ! This step is not required: if both the owner of the ESAP instance and the owner of any services being accessed make them available to the general public, then ESAP need not force the user to log in. In general, however, users are expected to log in before using the data management services (§2.3.3). ESAP as delivered by this work package will provide for user authentication through the ESCAPE Identity and Access Management (IAM) service2. Where possible, ESAP is designed to be flexible and adaptable to other systems, but explicit support for other systems is outside the scope of this work package.

Authentication and Authorization. Users may be asked to log in to access ESAP itself, or to use some or all of the services mediated by a given ESAP instance. 1This configuration is instance‐specific: for example, a central EOSC installation of ESAP might provide access to a wide range of services, spanning the entire EOSC, while an institutional or project‐level system may only be configured with information about local resources. End User National Data Centre Grid Systems HPC Facility Jupyter Notebook Service ESAP Source Lists Bulk Data Archive isualization T Research Infrastructure Virtual Observatory Catalog def{>} Software Service $ SW / HW Selection Service REST API REST API REST API REST API REST API REST API ! AAI REST Service User Interface API REST API PID Service REST API % Storage Service REST API REST API REST API REST API REST API * Managed Database Service ) Workflow Service ' Workload ( Management Service ▇▇▇ Service ! This step is not required: if both the owner of the ESAP instance and the owner of any services being accessed make them available to the general public, then ESAP need not force the user to log in. In general, however, users are expected to log in before using the data management services (§2.3.3). ESAP as delivered by this work package will provide for user authentication through the ESCAPE Identity and Access Management (IAM) service2. Where possible, ESAP is designed to be flexible and adaptable to other systems, but explicit support for other systems is outside the scope of this work package.