As part of the strategy to modularise our information systems to improve maintainability and enhance security, the identity and access management (IAM) and authentication aspect of the WCPFC website is now separated into its own system, built upon the Drupal 10.x framework.


For Party Administrators, this should provide improved processes for managing party accounts and authorising their respective party delegates to have access to appropriate areas of WCPFC information systems.


The Single Sign On (SSO) protocol currently in use by WCPFC is Central Authentication Server (CAS), and this will continue in order to maintain the current compatibility between systems. However, the upgraded platform allows for an option to adopt a more modern protocol such as OAuth 2.0 in the future without altering the party / account management aspects. An eventual upgrade to OAuth 2.0 would allow for more advanced authentication integrations, such as providing an authentication solution for mobile applications and integration with third-party identity providers (e.g. SPC identity, FFA identity).


The upgraded platform also allows for further security hardening features such as Multi-Factor Authentication (MFA), should this be desired in the future.


In addition to the management of system accounts, in its role as the ‘Identity Management Server’, this system will also assume responsibility for the management of ‘Official CCM Contacts’ as used in the CCM Portal area of the legacy website.


The IAM system has a dedicated server - https://accounts.wcpfc.int. This server will be responsible for authenticating users when they log into other WCPFC portals, e.g. Meetings, Compliance Case Files (CCFS), Record of Fishing Vessels (RFV), VMS etc.


When a user chooses to log in to the WCPFC application portals, they will be redirected to a login page on the IAM system. After authenticating, they will be redirected back to the portal they originated from.


This experience is much the same as current processes, although the login page presented to users will have a more modern look and feel compared to the previous login page on the website.


The IAM system provides more details on what users have access to and should make the assigning of system access roles easier for Party Administrators. We will be enhancing this as we continue to improve our online systems.


The most significant changes are summarised below:


Meeting Registration Approver. A new role has been introduced to give meeting registration approval to individuals without giving them the role of Party Administrator.


Meeting Delegate. A new role has been introduced that provides authenticated access to the meeting server and the online discussion forum, although access to secure content on these sites continues to depend on having a meeting registration.


The full list of system access roles a CCM Party Administrator can assign (new roles highlighted) is given below:

  • CCFS Editor - Allows viewing of and responding to cases on ccfs.wcpfc.int
  • CCFS Viewer - Allows access to view cases on ccfs.wcpfc.int  
  • Circular Viewer - Allows access to circulars on circs.wcpfc.int. The circulars portal has an opt-in or out of email
  • Monitoring & Evaluation Editor - Allows editing of content on the Monitoring & Evaluation site at cmm.wcpfc.int
  • Monitoring & Evaluation Viewer - Allows access to view content on the Monitoring & Evaluation site at cmm.wcpfc.int
  • Meeting Delegate - Allows authenticated access to the meeting server and the forums at forum.wcpfc.int. NOTE: Access to secure content on these sites is governed by specific meeting registrations.
  • Meeting Registration Approver - Allows approval of meeting registrations for each party on meetings.wcpfc.int
  • RFV Editor - Allows this user to add/edit vessel and charter information and MTU audits on vessels.wcpfc.int
  • RFV Viewer - Allows access to secure vessel information on vessels.wcpfc.int
  • TSER Report Viewer - Allows access to tser.reports.wcpfc.int
  • VMS Editor - Allows this user to add/edit MTU details and MTU Audits of vessels on vessels.wcpfc.int, access Trackwell VMS and update VMS reporting status on vrst.reports.wcpfc.int
  • VMS Viewer - Allows this user to view MTU details and MTU Audits of vessels on vessels.wcpfc.int, access Trackwell VMS and view VMS reporting status on vrst.reports.wcpfc.int 
  • Website Secure Access - Allows access to restricted content on www.wcpfc.int