# Incremental Development and Assessment of a CAS-Based RDM Authentication and Authorization Mechanism

https://mdr.nims.go.jp/datasets/dbe91c32-4794-4ba4-919f-e67e9ed046ac

## File

- [IPSJ-TDP0202007.pdf](https://mdr.nims.go.jp/filesets/1dd51e8e-229f-42f5-b82a-6dad3c521bfa/download) ([Detail](https://mdr.nims.go.jp/filesets/1dd51e8e-229f-42f5-b82a-6dad3c521bfa.md))

## Id

dbe91c32-4794-4ba4-919f-e67e9ed046ac

## Visibility

open_to_public

## State

published

## Created at

2021-10-13T13:29:41.040857Z

## Updated at

2022-10-02T17:03:39.080111Z

## Published at

2021-11-16T10:30:53.431771Z

## Doi

https://doi.org/10.48505/nims.3049

## First published url

http://id.nii.ac.jp/1001/00210542/

## Date published

2021-04-15

## Recorded date published

15/04/2021

## Resource type

journal_article

## Manuscript type

authors_original

## Collection

- id: 4c070d39-be60-43e2-b0ae-62b0b5c79824
  identifier: https://mdr.nims.go.jp/pid/4c070d39-be60-43e2-b0ae-62b0b5c79824
  title: The history of DICE and NIMS Digital Library

## Title

- title: Incremental Development and Assessment of a CAS-Based RDM Authentication and Authorization Mechanism
  title_type: original
  lang: en

## Description

- description: Research Data Management (RDM) at the National Institute for Materials
    Science has been developed to support the whole range of activities in the life
    cycle of research data, such as exchanging, distributing, managing and utilizing
    data among various heterogeneous measurement and research systems for various
    research areas. Accordingly, the Central Authentication Service (CAS) is adopted
    as the authentication mechanism and enhanced by integrating it with the human
    resource and organization master data management for authorization, to fulfill
    the native requirements for single sign-on. In order to realize data exchange
    and distribution among these systems, the authentication and authorization mechanism
    itself must act in the role of a HUB that handles various authentication methods
    and authorized resources in an integrated manner. Owing to the nature of an emerging
    area newly linked with E-Science and Scientific Workflow, various trials could
    naturally be adopted in RDM, and this looks quite different from the mature security
    framework in Service Oriented Architecture (SOA). As a case study, this paper
    presents the outline of the authentication and authorization mechanism incorporated
    in the RDM at the National Institute for Materials Science, including the transitions
    during the design phases. Along with an overview, a brief assessment is carried
    out against the security framework in SOA, and we also review the differences
    found there to characterize the authentication and authorization mechanism in
    RDM.
  description_type: abstract
  lang: en
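- description: Research Data Management (RDM) at the National Institute for Materials
    Science aims to manage the life cycle of research data by supporting the exchange,
    distribution, management and utilization of data among the diverse and heterogeneous
    measurement and research systems that underpin a wide range of research areas.
    To meet the requirements for single sign-on, the Central Authentication Service
    (CAS) is adopted as the authentication mechanism, and it is implemented in integration
    with personnel and organization master data management in order to enforce authorization.
    To realize data exchange and distribution among diverse and heterogeneous systems,
    the authentication and authorization mechanism itself must take on the role of
    a HUB that handles various authentication methods and authorization resources
    in an integrated manner. Because RDM, which links with E-Science and Scientific
    Workflow, is a newly and rapidly growing area, various kinds of trial and error
    can be seen, and it appears different from the security framework in Service Oriented
    Architecture (SOA), which is moving toward maturity. As a case study, although
    still under development, this paper outlines the authentication and authorization
    mechanism built into the RDM at the National Institute for Materials Science and
    the transitions in its design (integration with authorization management, identity
    reconciliation, multiplexing, and API management), carries out a simple assessment
    against the security framework in SOA, and presents an evaluation and discussion
    of the differences found there, as an aid to understanding authentication and
    authorization mechanisms in RDM.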
  description_type: abstract
  lang: ja

## Creator

- name: KIKUCHI, Shinji
  role: author
  orcid: https://orcid.org/0000-0001-8069-9656
- name: NAITO, Hiroyuki
  role: author
  orcid: https://orcid.org/0000-0002-4800-0582
- name: KADOHIRA, Takuya
  role: author
  orcid: https://orcid.org/0000-0003-0569-1309
- name: TANAFUJI, Mikiko
  role: author
  orcid: https://orcid.org/0000-0001-5284-6364

## Publisher

organization: Information Processing Society of Japan (情報処理学会)

## Keyword

- subject: Research data management
  schema: not_defined
- subject: Authentication and authorization
  schema: not_defined

## Rights

- description: In Copyright
  identifier: http://rightsstatements.org/vocab/InC/1.0/

## Fileset

- id: 1dd51e8e-229f-42f5-b82a-6dad3c521bfa
  filename: IPSJ-TDP0202007.pdf
  content_type: application/pdf
  size: 3901266
  md5: '0449bbcd95a7d1a0344047169f6b1a02'

## Thumbnail

fileset_id: 1dd51e8e-229f-42f5-b82a-6dad3c521bfa
filename: IPSJ-TDP0202007.pdf