ELIXIR EGA AAI PILOT
Mikael.Linden@csc.fi, project manager
VAMP workshop 6th Sep, 2012
European Life Sciences Infrastructure for Biological Information
www.elixir-europe.org
Outline
• EBI, EGA and Nordic Control database
• Pilot goals
• Pilot 1: Federated authentication
• Pilot 2: Authorisation management
• Snapshots from the REMS tool
EBI - European Bioinformatics Institute
• Academic research institute - part of EMBL
  – European Molecular Biology Laboratory
  – Funded by 20 European countries, EC, NIH etc
  – "The CERN for bioinformatics"
• Located in Hinxton, Cambridge, UK
• Hosts databases for bioinformatics, e.g.
  – EMBL-bank (DNA and RNA sequences)
  – Ensembl (genomes)
  – UniProt (protein sequences)
• Mission is to support science by providing maximal access to data stored at the institute.
European Genome-phenome Archive (EGA)
• One of the EBI services
• Stores any data where informed consent requires controlled access (AuthN & AuthZ needed)
• 8/2012: 323 datasets, 370TB, 200.000 samples
  – Growth rate is very fast at the moment
• Access to datasets granted by a Data Access Committee (DAC)
  – DACs nominated by the original data owners
  – 8/2012, 68 DACs around Europe and beyond
  – EGA acts as a secure broker
• www.ebi.ac.uk/ega
Nordic Control Database (NCDB)
• 6000 samples from DK, EE, FI and SE
• Collected and deposited to EGA by the Nordic Center of Excellence in Disease Genetics
• http://nordicdb.org/
ELIXIR EGA AAI pilot
• Common project for EBI, CSC and FIMM
• Funded by ELIXIR
  – EC project building infrastructure for biological information in Europe
• 4/2012 - 4/2013
Project goals
Pilot 1: federated authentication
• Allow EGA data users to use their federated identity for requesting services from the EGA
• Remove user's temptation to share their uid/pwd
• Ensure access ceases when the user departs from the Home Organisation
Pilot 2: authorisation management tool for NCDB
• A workflow tool for applicants and DACs
• Reporting on access rights
• Reporting on scientific publications made based on the datasets
Pilot 1: Current authentication
Pilot 1: expected outcome
• Integrate EGA web portal to SAML2 SP
• EBI to join Haka federation and register EGA as an SP to Haka
  – And possibly expose to an interfederation, such as Kalmar Union or eduGAIN
Pilot 2: NCDB application workflow
Resource Entitlement Management System
[Diagram labels: Principal Investigator, Researcher1, Researcher2, Researcher3 (research group), IdP, SP, REMS (Workflow, Catalogue, Reports), Owner1, Owner2, Resource 1, Resource 2, Metadata on R1 & R2; arrows: Apply for access, Circulate to owner, Approve application, Use]
Screenshots from REMS
Disclaimer: Work in progress!
Creating a workflow for a dataset
Resource (dataset) owner:
1. Adds a new dataset to REMS
2. Creates a workflow for the dataset
   • License of the dataset (applicant needs to accept it)
   • Reviewer(s) of the application
   • Approver(s) of the application
Filling in an application
Research group leader (Principal Investigator):
1. Identifies the dataset(s) to apply access for
2. Identifies the members of the research group
3. Provides contact information etc
4. Attaches a research plan to justify the application
5. Submits the application
Reviewers' and approvers' view
• Reviewer(s) can comment on the application
• Approver(s) can approve or reject the application
Using the access rights, alternatives
[Diagram labels: REMS, web portal, SAML proxy, IdP, Dataset, SAML AP, Argus]
1. REMS as a SAML proxy
   • Injects an eduPersonEntitlement into the SAML assertion
2. REMS as a SAML AP
   • Returns an eduPersonEntitlement to an attribute query
3. REMS as XACML PDP
   • Argus
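An added example, not part of the original slides or of REMS: how a dataset SP could check the eduPersonEntitlement delivered under alternatives 1 and 2. It assumes the SP's SAML library has already verified the assertion's signature, issuer and audience; the entitlement prefix `urn:example:rems:dataset:` and the sample statement are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPE_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"  # eduPersonEntitlement
# Hypothetical value format; the slides do not define one.
ENTITLEMENT_PREFIX = "urn:example:rems:dataset:"

# Constructed AttributeStatement. The second attribute only *claims* to be
# eduPersonEntitlement through FriendlyName; its Name is a different OID.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" FriendlyName="eduPersonEntitlement">
    <saml:AttributeValue>urn:example:rems:dataset:ncdb</saml:AttributeValue>
    <saml:AttributeValue>urn:example:rems:dataset:ncdb-extra</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.3" FriendlyName="eduPersonEntitlement">
    <saml:AttributeValue>urn:example:rems:dataset:other</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def entitlements(statement_xml):
    """Return eduPersonEntitlement values, matched on the attribute Name only.

    FriendlyName carries no semantics and must not drive authorisation.
    """
    root = ET.fromstring(statement_xml)
    values = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != EPE_OID:
            continue
        for val in attr.iterfind("saml:AttributeValue", NS):
            if val.text:
                values.add(val.text)
    return values


def may_access(statement_xml, dataset_id):
    """Fail closed: grant only on an exact entitlement match for this dataset."""
    try:
        granted = entitlements(statement_xml)
    except ET.ParseError:
        return False
    return ENTITLEMENT_PREFIX + dataset_id in granted
```

Because the entitlement is re-issued at every login, revoking it in REMS or at the Home Organisation takes effect at the user's next authentication.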
REMS intends to be a generic tool
• Applying for access to any resources
  – Identified by an identifier
• Complex workflows
• Several members in one application
• License terms for resources
• Federated authentication
• Reporting
• The aim is to release under an OS license