ELIXIR EGA AAI PILOT
European Life Sciences Infrastructure for Biological Information, www.elixir-europe.org
[email protected], project manager
VAMP workshop, 6th Sep 2012
Outline
• EBI, EGA and Nordic Control database
• Pilot goals
• Pilot 1: Federated authentication
• Pilot 2: Authorisation management
• Snapshots from the REMS tool
EBI - European Bioinformatics Institute
• Academic research institute, part of EMBL
  – European Molecular Biology Laboratory
  – Funded by 20 European countries, EC, NIH etc.
  – "The CERN for bioinformatics"
• Located in Hinxton, Cambridge, UK
• Hosts databases for bioinformatics, e.g.
  – EMBL-Bank (DNA and RNA sequences)
  – Ensembl (genomes)
  – UniProt (protein sequences)
• Mission is to support science by providing maximal access to data stored at the institute.
European Genome-phenome Archive (EGA)
• One of the EBI services
• Stores any data where informed consent requires controlled access (AuthN & AuthZ needed)
• 8/2012: 323 datasets, 370 TB, 200,000 samples
  – Growth rate is very fast at the moment
• Access to datasets granted by a Data Access Committee (DAC)
  – DACs nominated by the original data owners
  – 8/2012: 68 DACs around Europe and beyond
  – EGA acts as a secure broker
• www.ebi.ac.uk/ega
Nordic Control Database (NCDB)
• 6000 samples from DK, EE, FI and SE
• Collected and deposited to EGA by the Nordic Center of Excellence in Disease Genetics
• http://nordicdb.org/
ELIXIR EGA AAI pilot
• Common project for EBI, CSC and FIMM
• Funded by ELIXIR
  – EC project building infrastructure for biological information in Europe
• 4/2012-4/2013
Project goals
Pilot 1: federated authentication
• Allow EGA data users to use their federated identity for requesting services from the EGA
• Remove the user's temptation to share their uid/pwd
• Ensure access ceases when the user departs from the Home Organisation
Pilot 2: authorisation management tool for NCDB
• A workflow tool for applicants and DACs
• Reporting on access rights
• Reporting on scientific publications made based on the datasets
Pilot 1: Current authentication
Pilot 1: expected outcome
• Integrate the EGA web portal with a SAML2 SP
• EBI to join the Haka federation and register EGA as an SP in Haka
  – And possibly expose it to an interfederation, such as Kalmar Union or eduGAIN
Pilot 2: NCDB application workflow
REMS - Resource Entitlement Management System
[Diagram: REMS holds the Catalogue, the Workflow, Reports and metadata on Resource 1 and Resource 2, owned by Owner1 and Owner2. A research group (Principal Investigator, Researcher1, Researcher2, Researcher3) logs in through their home IdPs; REMS and the dataset SP consume the assertions. Steps: Apply for access, Circulate to owner, Approve application, Use.]
Screenshots from REMS
Disclaimer: Work in progress!
Creating a workflow for a dataset
Resource (dataset) owner:
1. Adds a new dataset to REMS
2. Creates a workflow for the dataset
   • License of the dataset (the applicant needs to accept it)
   • Reviewer(s) of the application
   • Approver(s) of the application
Filling in an application
Research group leader (Principal Investigator):
1. Identifies the dataset(s) to apply for access to
2. Identifies the members of the research group
3. Provides contact information etc.
4. Attaches a research plan to justify the application
5. Submits the application
Reviewers' and approvers' view
• Reviewer(s) can comment on the application
• Approver(s) can approve or reject the application
Using the access rights, alternatives
1. REMS as a SAML proxy
   • Injects an eduPersonEntitlement into the SAML assertion
2. REMS as a SAML AP
   • Returns an eduPersonEntitlement in response to an attribute query
3. REMS as an XACML PDP
   • Argus
[Diagram: IdP, REMS web portal and dataset SP, with the three alternative paths labelled SAML proxy, SAML AP and Argus.]
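The two REMS slides above (a dataset owner creating a workflow with a license, reviewers and approvers; a PI applying for a whole research group; reviewers commenting and an approver deciding) and alternatives 1 and 2 for using the resulting access rights, modelled as an added Python example. This is not code from REMS, EGA or the pilot. The entitlement URN scheme (urn:mace:example.org:...), the dataset identifier, the ePPNs, the data use terms and the IdP assertion fragment are constructed for the example; the urn:oid names for eduPersonPrincipalName and eduPersonEntitlement are the standard ones. Signature verification and re-signing of the proxied assertion are left out.

```python
# Added example, not code from REMS, EGA or the pilot. It models the slide
# workflow (dataset with licence, reviewers, approvers; a PI applies for a
# group; reviewers comment; an approver decides) and two listed ways of using
# the result: REMS answering an attribute query (option 2, SAML AP) and REMS
# as a SAML proxy injecting eduPersonEntitlement (option 1). All names assumed.
from dataclasses import dataclass, field
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"         # eduPersonPrincipalName
ENTITLEMENT_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"  # eduPersonEntitlement
PREFIX = "urn:mace:example.org:ncdb:dataset:"         # assumed entitlement URN scheme

@dataclass
class Resource:
    dataset_id: str
    licence: str
    reviewers: frozenset
    approvers: frozenset

@dataclass
class Application:
    dataset_id: str
    pi: str                   # ePPN of the principal investigator
    members: frozenset        # ePPNs of the whole group, PI included
    licence_accepted: bool
    comments: list = field(default_factory=list)
    state: str = "submitted"  # submitted -> approved | rejected

class Rems:
    def __init__(self, resources):
        self.catalogue = {r.dataset_id: r for r in resources}
        self.entitlements = {}  # ePPN -> set of entitlement URNs

    def submit(self, app):
        if app.dataset_id not in self.catalogue:
            raise KeyError(f"unknown dataset {app.dataset_id}")
        if not app.licence_accepted:
            raise ValueError("applicant must accept the dataset licence")

    def review(self, app, reviewer, comment):
        if reviewer not in self.catalogue[app.dataset_id].reviewers:
            raise PermissionError(f"{reviewer} may not review {app.dataset_id}")
        app.comments.append((reviewer, comment))

    def decide(self, app, approver, approve):
        if approver not in self.catalogue[app.dataset_id].approvers:
            raise PermissionError(f"{approver} may not approve {app.dataset_id}")
        if app.state != "submitted":
            raise ValueError(f"application already {app.state}")
        app.state = "approved" if approve else "rejected"
        if approve:  # every group member named in the application gets the entitlement
            for m in app.members:
                self.entitlements.setdefault(m, set()).add(PREFIX + app.dataset_id)

    def attribute_query(self, eppn):  # option 2: REMS answers a SAML attribute query
        return sorted(self.entitlements.get(eppn, ()))

    def access_report(self):  # reporting on access rights: dataset -> current holders
        return {d: sorted(u for u, e in self.entitlements.items() if PREFIX + d in e)
                for d in self.catalogue}

def attribute_values(root, name):
    return [v.text for v in root.findall(
        f".//saml:Attribute[@Name='{name}']/saml:AttributeValue", NS)]

def inject_entitlements(assertion_xml, rems):
    # Option 1: REMS as SAML proxy. Re-signing the modified assertion is out of scope.
    root = ET.fromstring(assertion_xml)
    eppn = attribute_values(root, EPPN_OID)[0]
    attr = ET.SubElement(root.find("saml:AttributeStatement", NS),
                         f"{{{SAML_NS}}}Attribute", Name=ENTITLEMENT_OID)
    for urn in rems.attribute_query(eppn):
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = urn
    return ET.tostring(root, encoding="unicode")

def sp_allows(assertion_xml, dataset_id):
    # Dataset SP: release the dataset only if the assertion carries the entitlement.
    return PREFIX + dataset_id in attribute_values(ET.fromstring(assertion_xml), ENTITLEMENT_OID)

# Constructed stand-in for the attribute statement a Haka IdP would issue at login.
IDP_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>
<saml:Attribute Name="{EPPN_OID}"><saml:AttributeValue>researcher1@example-univ.fi</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement></saml:Assertion>"""

def demo():
    rems = Rems([Resource("ncdb-example-1", "constructed data use terms",
                          frozenset({"reviewer@ncdb.example"}), frozenset({"owner1@ncdb.example"}))])
    group = frozenset({"pi@example-univ.fi", "researcher1@example-univ.fi"})
    app = Application("ncdb-example-1", "pi@example-univ.fi", group, licence_accepted=True)
    rems.submit(app)
    rems.review(app, "reviewer@ncdb.example", "plan is within consent scope")
    rems.decide(app, "owner1@ncdb.example", approve=True)
    proxied = inject_entitlements(IDP_ASSERTION, rems)
    return (app.state, sp_allows(proxied, "ncdb-example-1"),      # "approved", True
            sp_allows(IDP_ASSERTION, "ncdb-example-1"))           # False: raw IdP assertion
```

Note what the SP actually checks: an entitlement attribute carried by an assertion that the home IdP issued for this login. That is how pilot 1's goal of access ceasing when the user leaves the Home Organisation can hold without REMS learning about the departure: once the IdP no longer authenticates that ePPN, neither the proxy path nor an attribute query ever delivers the entitlement to the SP, even though REMS still lists it. Alternative 3, a XACML PDP such as Argus, would move the same decision out of the SP into a policy engine and is not shown.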
REMS intends to be a generic tool
• Applying for access to any resources
  – Identified by an identifier
• Complex workflows
• Several members in one application
• License terms for resources
• Federated authentication
• Reporting
• The aim is to release it under an open source license