The objective of the user authentication community is to authenticate users. Strictly, user authentication does not belong in the enterprise viewpoint: service-independent authentication should be a transparency (and hence not visible to the other communities), and authentication should be realised within the individual services (instruments, data processors, data provisioning systems, etc.). The roles and behaviours are nevertheless recorded here because the other communities depend on them.
The roles and behaviour of the user authentication community can be summarized as follows:
A user can register his/her identity with an Identity Provider and allow the Identity Provider to authenticate him/her. A Service Provider can request the user to authenticate him/herself and can request the identity details from the Identity Provider to determine the user's (role/group) privileges.
The following roles are identified in the User Authentication Community:
User Authentication Subsystem (passive role): the community component representing the user authentication community.
User (passive/active role): an agent that authenticates itself.
Identity Provider (passive role): an agent that is responsible for managing and validating the identity of a user.
Service Provider (passive role): an agent that is responsible for authorizing access to a service based upon a user's identity.
The following behaviour is identified in the User Authentication Community:
Register identity: a behaviour by the user and the identity provider to validate and register the identity of the user.
Authenticate: a behaviour performed by the user and the identity provider to confirm the identity of the user.
Request identity: a behaviour performed by the user, the identity provider and a service provider to obtain the identity details of a user so that the service provider can determine his/her privileges.
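The three behaviours above, carried through in code as an added example that is not part of the reference model: an Identity Provider registers a user (salted PBKDF2 hash of the credential), authenticates the user and issues an assertion bound to one Service Provider and a short lifetime, and the Service Provider requests the identity details to map groups onto privileges. The HMAC-SHA256 shared key, the PBKDF2 credential check, the 300-second lifetime and all names (alice, data-archive, data-managers) are assumptions constructed for the example; a real deployment would use a signed SAML or OpenID Connect assertion in place of the HMAC token.

```python
"""Simulation of Register identity / Authenticate / Request identity between
User, Identity Provider and Service Provider.  Added example, not part of the
reference model.  Assumptions: an HMAC-SHA256 token over a JSON payload stands in
for a signed SAML/OIDC assertion; PBKDF2 stands in for the IdP's credential check."""
import base64
import hashlib
import hmac
import json
import os
import time

ASSERTION_TTL = 300  # seconds an issued assertion stays valid (assumption)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Registers users, validates their credentials and issues identity assertions."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._users = {}  # username -> (salt, password_hash, groups)

    def register_identity(self, username: str, password: str, groups: list) -> None:
        # Behaviour "Register identity": store a salted hash, never the password itself.
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self._users[username] = (salt, digest, list(groups))

    def authenticate(self, username: str, password: str, audience: str, now=None):
        # Behaviour "Authenticate": check the credential, then issue an assertion
        # bound to one Service Provider ("aud") with an expiry ("exp").
        record = self._users.get(username)
        if record is None:
            return None
        salt, digest, groups = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        if not hmac.compare_digest(candidate, digest):
            return None
        now = time.time() if now is None else now
        payload = json.dumps({"sub": username, "groups": groups, "aud": audience,
                              "exp": int(now) + ASSERTION_TTL}, sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)

    def validate_assertion(self, token: str, audience: str, now=None):
        # Behaviour "Request identity": the Service Provider presents the assertion
        # and receives the identity details, or None if signature, audience or
        # expiry do not check out.  The signature is verified before anything is parsed.
        try:
            payload_b64, sig_b64 = token.split(".")
            payload, sig = _unb64(payload_b64), _unb64(sig_b64)
        except ValueError:
            return None
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None
        claims = json.loads(payload)
        now = time.time() if now is None else now
        if claims.get("aud") != audience or claims.get("exp", 0) <= now:
            return None
        return claims


class ServiceProvider:
    """Authorizes access to one service from the groups the IdP reports."""

    def __init__(self, name: str, idp: IdentityProvider, group_privileges: dict):
        self.name = name
        self._idp = idp
        self._group_privileges = group_privileges  # group -> set of privileges

    def request_identity(self, token: str, now=None):
        return self._idp.validate_assertion(token, self.name, now)

    def authorize(self, token: str, privilege: str, now=None) -> bool:
        claims = self.request_identity(token, now)
        if claims is None:
            return False
        granted = set()
        for group in claims["groups"]:
            granted |= self._group_privileges.get(group, set())
        return privilege in granted
```

Binding the assertion to an audience is what stops a token issued for the data archive from being replayed against the instrument control service; the expiry bounds how long a stolen token is useful. Both checks sit with the Identity Provider in this example, which is the "request identity" step the behaviour list describes.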
Communities that typically collaborate with the user authentication community are the data creation community, data management community, data processing community, data provisioning community and data identification community, which rely on it for authorizing users to use their systems.