Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

CriteriaWithout eduTEAMSWith eduTEAMS
Effort for DeploymentLittle effort if Initially, little deployment effort is needed for an application that already contains an own user management and access control mechanisms. In the long term, if multiple applications are used by a research community, deployment efforts are still slightly smaller than with eduTEAMS but identity management becomes a much greater scalibility bottleneck as is written below.Moderate for the first time because an OAuth implementation or a SAML Service Provider has to be deployed (and potential code to access group information via VOOT).
Identity ManagementEither done by the research community as a whole (see above) or has to be all done by service operator in case the application's own user management is used. In the later case, this can be quite some effort to do properly for more than a hand full of users.Not needed, done by the user's home organisation (i.e. university, research institute).
Data QualityDegrading quickly after user account was provisioned by research communityPersonal user attributes are released by user's home organisation (e.g. university) that has a good interest to keep data up-to-date
Access ConrolControlUnless a shared user directory is used, access control rules have to be defined per service per user, which is quite some effort and needs frequent adaptationsEasy to define access control/authorization rules based on group membership data
SecurityUser has to authenticate at each service with his credentials. The more services are used, the higher the risk that one of the services is compromised and thus the user credentials are compromisedService never gets users credentials. Even if service is compromised, the user credentials are not affected by this, only the user's data on this service.

...