AA

From ToxBank API Wiki

Introduction

The Internet has revolutionized the way we deal with information because of its inherently open, decentralized nature. While that freedom and openness provide unsurpassed flexibility and growth potential, they also expose confidential information to significant and even critical threats. The importance of this topic cannot be overstated, especially considering how often its complexity is underestimated. In ToxBank, therefore, data confidentiality is given particular emphasis and attention. A strong basis was already built during the OpenTox project; ToxBank not only builds on it but develops it further.

General concept

Confidentiality

Confidentiality is one of the cornerstones of information security (others include integrity and availability). The standard ISO/IEC 27002 refers to it as "ensuring that information is accessible only to those authorized to have access". To understand the concept of confidentiality, it can be broken down into defining "who" has the right to do "what" with certain data. This leads to two tasks that need to be handled: authentication, confirming the identity of the user who is requesting access to the confidential information (that is, confirming that they are indeed who they claim to be), and authorisation, checking this confirmed identity against the configured restrictions to determine whether the requested access should be granted or denied.

Implementation

The implementation reuses OpenTox_API_1.2_A&A and OpenAM [1].

Currently, user details can be retrieved by requesting the OpenAM attributes for a valid token.
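As an added example (not part of this wiki page or ToxBank's own code), the following Python client posts a session token as `subjectid` to the legacy OpenAM attributes endpoint and parses the line-oriented `userdetails.attribute.name=` / `userdetails.attribute.value=` response into a dictionary. The endpoint path, the response format and the host name are assumptions based on the OpenSSO-style REST interface, and the sample response is constructed.

```python
import urllib.error
import urllib.parse
import urllib.request

# Assumed base URL of the legacy OpenSSO/OpenAM REST interface; placeholder host.
OPENAM_BASE = "https://openam.example.org/opensso"


def parse_attributes(body: str) -> dict:
    """Turn the line-oriented attributes response into {name: [values]}.
    A 'userdetails.attribute.name=' line opens an attribute; each following
    'userdetails.attribute.value=' line belongs to it, so multi-valued
    attributes such as group membership are preserved in order."""
    attrs: dict = {}
    current = None
    for line in body.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition("=")
        if key == "userdetails.attribute.name":
            current = value
            attrs.setdefault(current, [])
        elif key == "userdetails.attribute.value":
            if current is None:
                raise ValueError("attribute value before any attribute name")
            attrs[current].append(value)
        # other keys (userdetails.token.id, userdetails.role) are not attributes
    return attrs


def build_attributes_request(token: str) -> urllib.request.Request:
    """POST the token as 'subjectid' in the body rather than the query string,
    so the session token does not end up in access logs or Referer headers."""
    data = urllib.parse.urlencode({"subjectid": token}).encode()
    return urllib.request.Request(f"{OPENAM_BASE}/identity/attributes",
                                  data=data, method="POST")


def fetch_attributes(token: str, opener=urllib.request.urlopen) -> dict:
    """Fetch and parse the attributes; an invalid token surfaces as a 401."""
    try:
        with opener(build_attributes_request(token)) as resp:
            return parse_attributes(resp.read().decode())
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise PermissionError("OpenAM rejected the token") from err
        raise


# Constructed sample response (not a real capture); token value is a placeholder.
SAMPLE_RESPONSE = """userdetails.token.id=SAMPLE-TOKEN-NOT-REAL
userdetails.role=id=toxbank-users,ou=group,dc=opensso,dc=java,dc=net
userdetails.attribute.name=uid
userdetails.attribute.value=jdoe
userdetails.attribute.name=mail
userdetails.attribute.value=jdoe@example.org
userdetails.attribute.name=memberof
userdetails.attribute.value=cn=project-a,ou=groups
userdetails.attribute.value=cn=readers,ou=groups
"""
```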

Protocol

Protocol#Security

User

User#Security

Library

Java
