CESSDA SML: Decision on CA12 - Authentication and Authorisation
CA12: Authentication and Authorisation
MUST BE SML2 SHOULD BE SML4
In this case we cannot give a general recommendation since the way authentication and authorisation is implemented inherently depends on the software's functionality. Instead of developing an own solution rely on DARIAH's AAI whenever possible.
Actions to Be Taken in RDD:
- never share passwords
- use Shibboleth whenever possible and reasonable