Authorisation

Every user of EconData is recorded as a member belonging to a memberlist, for example ECONDATA:MEMBERS(1.0.0). Every member may in turn hold memberships to any number of data consumers and providers. Membership to a data consumer provides read access to all consumption agreements that reference that consumer. Similarly, membership to a data provider provides write access to all provision agreements that reference that provider.

Image: member access

Consumption and provision agreements therefore constitute read and write authorisation respectively. In the case of a provision agreement, the link to the underlying data is direct, because every data set holds a reference to a provision agreement (see image above). In the case of a consumption agreement, this link is indirect: a mapping must be found between the consumption agreement and the data set through references to a matching dataflow and provision agreement.
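
The resolution described above can be sketched as follows. This is an added example, not EconData's own code: the class names, the identifiers, and the rule that a consumption agreement "matches" when it references the same dataflow as the data set's provision agreement are all assumptions.

```python
from dataclasses import dataclass

# Constructed model: every class, field and identifier here is hypothetical.
@dataclass(frozen=True)
class ProvisionAgreement:
    id: str
    provider: str
    dataflow: str

@dataclass(frozen=True)
class ConsumptionAgreement:
    id: str
    consumer: str
    dataflow: str

@dataclass(frozen=True)
class DataSet:
    id: str
    provision_agreement: str  # the direct reference every data set holds

@dataclass(frozen=True)
class Member:
    name: str
    consumers: frozenset = frozenset()  # data consumer memberships
    providers: frozenset = frozenset()  # data provider memberships

PROVISIONS = {p.id: p for p in [
    ProvisionAgreement("PA_CPI", "STATS_OFFICE", "DF_CPI"),
    ProvisionAgreement("PA_GDP", "STATS_OFFICE", "DF_GDP"),
]}
CONSUMPTIONS = [ConsumptionAgreement("CA_CPI_RESEARCH", "RESEARCH", "DF_CPI")]

def can_write(member, dataset):
    """Write: direct link data set -> provision agreement -> data provider."""
    pa = PROVISIONS.get(dataset.provision_agreement)
    return pa is not None and pa.provider in member.providers

def can_read(member, dataset):
    """Read: indirect link through a consumption agreement whose dataflow
    matches that of the data set's provision agreement (assumed rule)."""
    pa = PROVISIONS.get(dataset.provision_agreement)
    if pa is None:
        return False  # dangling reference: deny by default
    return any(ca.consumer in member.consumers and ca.dataflow == pa.dataflow
               for ca in CONSUMPTIONS)
```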

For ordinary users, memberships are managed within EconData, while for service accounts (M2M sessions), memberships are provided as custom scopes contained within their access token (see Authentication) and managed on AWS Cognito.