IRIS Data Services Launches First Stage of Its New Identity Management System, LUCID

IRIS Data Services launched the first stage (v1) of its new identity management system (code-named LUCID), which will affect the way data access passwords are managed.

The existing system relies on Principal Investigators (PIs) manually distributing network-level passwords to users, who then submit a form-based request for access. This request must be approved by an IRIS administrator who configures access and assigns the user a password for authenticated requests.

The updated system is self-service – it allows users to request access and manage their own passwords through an authenticated web session. PIs receive automated notifications about access requests and can approve and manage access to their networks through an authenticated web session.

An announcement of the next stage (v2) of the identity management system is expected in a couple of weeks.

(Note that many of the links documented below may not be available or updated until the release date.)

To request access to restricted data:

Log in to – you may need to create an account based on your primary email address.

Under Restricted Data Access you will see a dropdown input listing available restricted data network licenses. Choose one and click Request Access. A request will be sent to the relevant PIs, and upon approval you will be notified.

The Web Services Access section lists your username (which is your primary email address) and auto-generated password, which may be refreshed on demand. These are passed to the queryauth API using HTTP Digest authentication (see for details) to retrieve restricted data.

The SSL Password area lists a separate encryption key, which is used on data delivered through other channels (such as BREQ_FAST). See for details on using this key.
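The Web Services Access step above sends the username and auto-generated password with HTTP Digest authentication; the following added example (not IRIS code) shows how a client could do that with Python's standard library, and what value actually crosses the wire in place of the password. Assumptions: the queryauth URL is a placeholder, the HTTPS-only check is a choice of this example rather than something the announcement states, and the sample credentials are the published RFC 2617 test vector, not IRIS values.

```python
import hashlib
import urllib.request


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest 'response' field (MD5, qop=auth).

    The password itself is never transmitted; the server recomputes this
    hash from its own copy of the secret and the nonce it issued.
    """
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_queryauth_opener(base_url, username, password):
    """Return a urllib opener that answers Digest challenges for base_url.

    base_url is a placeholder for the queryauth endpoint (assumption).
    Refusing plain HTTP is this example's own hardening choice.
    """
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials to a non-HTTPS URL")
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    # realm=None: accept whatever realm the server names in its challenge
    mgr.add_password(None, base_url, username, password)
    return urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))


if __name__ == "__main__":
    # Constructed sample: the RFC 2617 section 3.5 test vector.
    print(digest_response(
        "Mufasa", "Circle Of Life", "testrealm@host.com",
        "GET", "/dir/index.html",
        "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"))
    # Placeholder endpoint and credentials; no request is sent here.
    opener = build_queryauth_opener(
        "https://example.invalid/queryauth", "user@example.org", "generated-pw")
    print(type(opener).__name__)
```

Because the response is derived from the password, refreshing the auto-generated password invalidates any client still configured with the old one.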

For Operators and PIs - approving requests:

You will no longer need to manage a network password and email it directly to users to grant access. Instead, when users request access you will receive an automated email containing a link to review the request. You may also freely add or remove users allowed access to restricted data.

To start, log in to – you may need to create an account based on your primary email address. You will see a list of all networks for which you are listed as a PI or contact. You can view the details of network licenses, and manage the users allowed access.