dvstans
commented
3 years ago After thought & discussion, we want to continue allowing access to DataFed from unaffiliated users; however, these users shall not be able to create any new information in the system. While any user can create a Globus account, Globus is protected from bots and does require email verification.
DataFed currently requires users to have a Globus ID account, but this allows malicious users to easily access DataFed. While such users should not be able to do much, they are anonymous. To avoid this, DataFed should require users to have an affiliated account with a Globus member organization. This will allow them to be identified in the event of bad behavior.
This also implies that DataFed will need to assign it's own internal user ID instead of relying on Globus ID.