
HSPC user identities, IAM, and existing systems.

Following the 14th general meeting, the Platform team has agreed to unify user authentication with a common OAuth Identity Provider (IDP). This is a DRAFT document for team comment. Written in the present tense using RFC 2119 terms.

Field      Value
Code Name  HSPC-ID
Curator    Preston Lee
Status     Initial Draft

Effort: IAM





Problem

HSPC user accounts have historically not been centrally managed. This cannot continue for , with individual services maintaining their own user database for which it was authoritative. While this is normal for startup-phase organizations, it becomes immensely problematic during growth. Core symptoms of poor IAM include:

  • Confusing and onboarding staff and members. (E.g. "Oh, to access service X, email Y.")
  • Inconsisten
  • Inability to fully disable accounts.

Objectives

For HSPC to mature and grow, a centralized IAM system became necessary. 

  • Establish a single sign-on (SSO) authority upon which all “Platform” systems, tools, and services may authenticate and authorize users.
  • Allow HSPC staff to centrally manage member and non-member access to digital content in services in a role-based manner.
  • Provide a standards-based identity provider (IDP) for partners and cloud services to support HSPC member logins into 3rd-party systems.
  • Enable integrated account self-service for administrative membership functions.
