Participants

Name | Organisation |
---|---|
Slavek Licehammer & Pavel Brousek | CESNET |

Name | Organisation | Role |
---|---|---|
Lucie Kureckova | CESNET | Developer, TIM student |
Pavel Brousek | CESNET | Mentor |

Name | Organisation | Role |
---|---|---|
Slavek Licehammer | CESNET | Stakeholder |
Activity overview
Account linking is, in principle, a simple process of joining a user's digital identities. Users have to prove that they own two or more digital identities, which are then linked together in the identity management system. CESNET has received very positive feedback on the ELIXIR workflow for account linking: the user signs in with one identity, then with a second one, and the identities are linked. The positive feedback comes not only from the ELIXIR community but also from users in other communities, even outside the life-science area.
The significant issue with the workflow is its user interface, which is still too complicated for users to navigate smoothly. Because the process consists of several steps, skipping a step or leaving the linking process unfinished makes it even more prone to errors. Users need a straightforward interface that guides them step by step through the whole process.
Activity Details
The account linking application will work with the OIDC protocol only. Based on the AARC Blueprint architecture, the proxy component can translate other protocols to OIDC, so the account linking application does not have to handle other protocols. Most of the application logic will be standalone, but it will expect an IdM system as a backend for storing linked identities.
From the point of view of the authentication proxy, the benefit is consolidation; the user benefits by being able to log in with any of their accounts. Migration between home organizations would become very simple. And because the accounts are linked, we can use multiple attributes from all of them.
Someone may already be working on a similar project, or may publish before the activity ends.
Another risk is that the application won't be used outside of the Perun project.
Another risk is that, with self-sovereign identities, account linking won't be needed anymore.
The application is not the privacy hotspot itself; other components will be. The application will be designed to work with the smallest amount of data. The data will be stored at the backend, which is not part of the application.
- a prototype of Account linking application
- the prototype is successfully tested
The application will be part of the ecosystem of Perun.
Activity Results
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
October 15, 2021 | Incubator on hands | ||
Documents