Version 9 (modified by gutierjm, 8 years ago) (diff)


Authorization scheme overview

As different data terms-of-use and policies apply to the datasets stored in the ECOMS-UDG server, a fine-grained user authorization scheme has been implemented using the Santander MetGroup? THREDDS Administration Panel (TAP), which allows user registration and data access authorization for a number of EU-funded projects and initiatives.

In all cases, dataset access is conditioned to the acceptance of the particular usage terms and conditions.

Access to restricted datasets

Dataset authorization is organized in groups, which correspond to the different FP7 projects conforming ECOMS (EUPORIAS, SPECS and NACLIM) for the case of the ECOMS-UDG data. Therefore applicants belonging to any of these groups can request an enrolment in the corresponding project(s) he/she is (officially) participating.

Enrolment in any of these 3 groups is subject to explicit approval by project leaders in each case, and therefore group acceptance is not immediate, and may take some time. Acceptance is always confirmed via email.

Membership to any of these three groups grants access to restricted datasets (e.g. ECMWF's System4 seasonal/annual forecasts).

Access to public datasets

The group (PUBLIC) has open access characteristics, and therefore project membership is not required in this case. Thus, users external to ECOMS can also apply, being the access automatically given in this case. Currently, three public datasets are available in this group: WATCH Forcing Dataset ERA-Interim (gridded observations), NCEP-NCAR (reanalysis) and CFSv2 hindcast (seasonal forecast).

Registration process

Users can register at TAP filling in the required information (please also specify the institution and intended usage fields). Alternatively, we are working on a new option to register using the the user's !OpenID (e.g. from ESGF), explained below.

Data authorization: Groups and Datasets

Membership in new groups can be requested from the My groups section of your home menu. An agreement window will show the terms of use of each of the included datasets which must be accepted before saving.

The currently authorized datasets can be seen in the "My Datasets" section.

Anex 1: OpenId Registration

Users will be able to register at TAP through OpenId in September. At that time, ESGF IDP's will be updated to a fixed version which allows retrieving OpenId data safely. Nevertheless, there is a new login page available because our implementation is done. Login form is splited in two main tabs(User/Password and OpenId). This means that users will be able to login both Username/Password and OpenId. OpenID login does not require clicking any registration button. Users have to enter their OpenId and click the login button. If the OpenId is not registered yet (First login attempt with that OpenId) a registration form will be shown.

OpenId Registration form is similar to the regular registration form. Nevertheless, OpenId login allows to retrieve some relevant info from the user's account (First name, Last name, email and more), so that, some information is already filled in the form. Users just have to fill in the empty inputs, click the register button and activate their account through email. Note that if the user has an existing account and wants to create a new one, the email has to be different. Although the data is retrieved and filled in the form, can be changed by the user.

As users can see there is a new feature at the top of the form, the OpenId link account.

For those users who are already registered at TAP this new feature has a considerable relevance. TAP registered users can link their existing account to their OpenId just by filling their username and password. Nevertheless, it is necessarily to follow the mentioned process and it is not possible to go directly to the link page due to security reasons.

If submit is successful no more steps are required. Users have to go to the login page and log in at TAP with their OpenId.

Attachments (4)

Download all attachments as: .zip