NextGEOSS Data Hub and Platform offers a User Management service, allowing the authentication of the users to access all NextGEOSS Services and user support features such as the Service Desk and User Feedback Mechanism.
The User Management includes:
- Registration of users into a community (targeting the GEO/GEOSS community) and managing related user ‘identity’ information (user name, family name, email, telephone number, gender, …);
- Registration directly via an existing social network login (from a user account on Google, Twitter, Facebook, …) by importing that user ‘identity’ information;
- Authentication and authorization mechanisms towards acknowledged third-party services (targeting GEO/GEOSS services), based on user credentials defined at the level of the NextGEOSS UM Service;
- Registration of GEO/GEOSS services or applications (i.e. data harvesting, discovery, access, processing) that shall be subject to the definition of authentication and authorization mechanisms within the NextGEOSS UM Service.
- Provide SSO capability that enables a registered user to log in once, and access multiple GEO/GEOSS applications where the user signed-up already, without being required to authenticate for each application separately.
- Allow integration of other SSO systems (handled as identity providers, similarly to the handling of social network providers) in order to provide to existing EO data users a federation of GEO/GEOSS resources – e.g. ESA EO Users Single Sing On, NASA EarthData Login. These systems could be based on different protocols: OpenID Connect, SAML2, Oauth2.