elixir ega aai pilot - terena · european life sciences infrastructure for biological information...
ELIXIR EGA AAI PILOT
European Life Sciences Infrastructure for Biological Information
www.elixir-europe.org
Mikael.Linden@csc.fi, project manager
VAMP workshop, 6th Sep, 2012
Outline
• EBI, EGA and Nordic Control database
• Pilot goals
• Pilot 1: Federated authentication
• Pilot 2: Authorisation management
• Snapshots from the REMS tool
EBI - European Bioinformatics Institute
• Academic research institute - part of EMBL
  – European Molecular Biology Laboratory
  – Funded by 20 European countries, EC, NIH etc
  – "The CERN for bioinformatics"
• Located in Hinxton, Cambridge, UK
• Hosts databases for bioinformatics, e.g.
  – EMBL-bank (DNA and RNA sequences)
  – Ensembl (genomes)
  – UniProt (protein sequences)
• Mission is to support science by providing maximal access to data stored at the institute.
European Genome-phenome Archive (EGA)
• One of the EBI services
• Stores any data where informed consent requires controlled access (AuthN & AuthZ needed)
• 8/2012: 323 datasets, 370TB, 200.000 samples
  – Growth rate is very fast at the moment
• Access to datasets granted by a Data Access Committee (DAC)
  – DACs nominated by the original data owners
  – 8/2012, 68 DACs around Europe and beyond
  – EGA acts as a secure broker
• www.ebi.ac.uk/ega
Nordic Control Database (NCDB)
• 6000 samples from DK, EE, FI and SE
• Collected and deposited to EGA by the Nordic Center of Excellence in Disease Genetics
• http://nordicdb.org/
ELIXIR EGA AAI pilot
• Common project for EBI, CSC and FIMM
• Funded by ELIXIR
  – EC project building infrastructure for biological information in Europe
• 4/2012-4/2013
Project goals
Pilot 1: federated authentication
• Allow EGA data users to use their federated identity for requesting services from the EGA
• Remove user's temptation to share their uid/pwd
• Ensure access ceases when the user departs from the Home Organisation
Pilot 2: authorisation management tool for NCDB
• A workflow tool for applicants and DACs
• Reporting on access rights
• Reporting on scientific publications made based on the datasets
Pilot 1: Current authentication
Pilot 1: expected outcome
• Integrate EGA web portal to SAML2 SP
• EBI to join Haka federation and register EGA as an SP to Haka
  – And possibly expose to an interfederation, such as Kalmar Union or eduGAIN
Pilot 2: NCDB application workflow
Resource Entitlement Management System
[Diagram. Components: REMS (Workflow, Reports, Catalogue, Metadata on R1 & R2); Resource 1, Resource 2; Owner1, Owner2; research group (Principal Investigator, Researcher1, Researcher2, Researcher3); SP; three IdPs. Steps: Apply for access, Circulate to owner, Approve application, Use.]
Screenshots from REMS
Disclaimer: Work in progress!
Creating a workflow for a dataset
Resource (dataset) owner:
1. Adds a new dataset to REMS
2. Creates a workflow for the dataset
  • License of the dataset (applicant needs to accept it)
  • Reviewer(s) of the application
  • Approver(s) of the application
Filling in an application
Research group leader (Principal Investigator):
1. Identifies the dataset(s) to apply access for
2. Identifies the members of the research group
3. Provides contact information etc
4. Attaches a research plan to justify the application
5. Submits the application
Reviewers’ and approvers’ view
• Reviewer(s) can comment on the application
• Approver(s) can approve or reject the application
Using the access rights, alternatives
1. REMS as a SAML proxy
  • Injects an eduPersonEntitlement into the SAML assertion
2. REMS as a SAML AP
  • Returns an eduPersonEntitlement to an attribute query
3. REMS as XACML PDP
  • Argus

[Diagram labels: IdP, Dataset, REMS web portal, SAML proxy, SAML AP, Argus]
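
Alternative 1 seen from the dataset service's side, as an added example that is not part of the original slides or of REMS: the service authorises dataset access from eduPersonEntitlement values, and honours them only when the assertion was issued by the proxy. The issuer entityID, the entitlement URN format and the sample assertion are constructed assumptions; signature, audience and validity-window checks are assumed to have been done by the SP's SAML stack beforehand.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPE_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"   # eduPersonEntitlement
# Assumptions (not from the slides): proxy entityID and entitlement format.
TRUSTED_ISSUER = "https://rems.example.org/proxy"
ENTITLEMENT_PREFIX = "urn:example:rems:dataset:"

# Constructed sample: what the SP receives once the proxy has injected
# the entitlement into the attribute statement.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://rems.example.org/proxy</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>urn:example:rems:dataset:NCDB</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def entitled_datasets(assertion_xml, trusted_issuer=TRUSTED_ISSUER):
    """Return the dataset ids granted by eduPersonEntitlement values.

    Only the authorisation step: the assertion must already have passed
    signature, audience and validity checks in the SAML stack.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != trusted_issuer:
        # An entitlement asserted by any other party (e.g. a home IdP)
        # says nothing about a data access decision, so it is ignored.
        return set()
    datasets = set()
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != EPE_OID:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            dataset_id = text[len(ENTITLEMENT_PREFIX):]
            if text.startswith(ENTITLEMENT_PREFIX) and dataset_id:
                datasets.add(dataset_id)
    return datasets


def may_access(assertion_xml, dataset_id):
    """Deny by default: access only with a matching entitlement."""
    return dataset_id in entitled_datasets(assertion_xml)
```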
REMS intends to be a generic tool
• Applying for access to any resources
  – Identified by an identifier
• Complex workflows
• Several members in one application
• License terms for resources
• Federated authentication
• Reporting
• The aim is to release under an OS license