
FIM4R and REFEDS meeting 3 October 2013

EMBL-EBI: experience on implementing federated identity management to the European Genome-phenome Archive (EGA). FIM4R and REFEDS meeting 3 October 2013. Ilkka Lappalainen, Variation archive project leader, ilkka@ebi.ac.uk. Introduction of EMBL-EBI and the EGA service


Presentation Transcript


  1. EMBL-EBI: experience on implementing federated identity management to the European Genome-phenome Archive (EGA) FIM4R and REFEDS meeting 3 October 2013 Ilkka Lappalainen Variation archive project leader ilkka@ebi.ac.uk

  2. Introduction of EMBL-EBI and the EGA service • EGA and federated identity – value added to the service • Roadmap from HAKA to eduGAIN

  3. What is EMBL-EBI? • Based on the Wellcome Trust Genome Campus near Cambridge, UK • Part of the European Molecular Biology Laboratory • Non-profit organisation • Close to 500 employees

  4. EBI services for bioinformatics • Literature and ontologies • Genomes • Protein sequence • DNA & RNA sequence • Protein structure • Gene expression • Genetic Variants • Chemical entities • Protein families, motifs and domains • Protein interactions • Pathways • Systems

  5. Designing a biomedical research project • Project must have funding, insurance and ethical approval. • Study participants recruited, e.g. by a public health care provider. • Informed consent • allows extraction of clinical data to be used for research. • data must be managed so that it will not allow identification of the study partners. • Data collected from the biological samples, analysed and submitted to the EGA. • Study published at the EGA website at the same time as publication.

  6. European Genome-phenome Archive (EGA) • Primary archive for any data consented for sharing in the context of research but not for fully public distribution • Secure storage, management and dissemination of data – raw or processed - from biomedical research projects. • Phenotypic data collected from the subjects. • Submissions must be de-identified and in accordance with the informed consent. • Data are packed into datasets that are governed by a Data Access Committee (DAC). • Authentication - each DAC approved individual will have a personal EGA account. • Authorization – DACs attach access permission(s) to the EGA account(s).

  7. EGA works with Data Access Committees (DAC)

  8. EGA is a global service • More than 300 studies available for user requests, each ranging from a few cases to thousands of subjects, 4126 authorized users, 400 requests a month. • Figure: archive growth in terabytes of data

  9. EGA is a global service • More than 300 studies available for user requests, each ranging from a few cases to thousands of subjects, 4126 authorized users, 400 requests a month.

  10. EGA is a global service • More than 300 studies available for user requests, each ranging from a few cases to thousands of subjects, 4126 authorized users, 400 requests a month.

  11. EGA is a global service • More than 300 studies available for user requests, each ranging from a few cases to thousands of subjects, 4126 authorized users, 400 requests a month.

  12. Federated identity – value added to EGA • Informed consent and the Data Access Agreement allow data to be used by a bona fide researcher from the named academic institution (or company). However, the DAC has only limited tools to verify the identity of the applicant(s). • Data Access Agreement may expire when applicant moves from one institute to another. • EGA accounts may be used by more than one person. Accounts are not shared if they are linked to institutional passwords. • EGA creates more than one account for a person. • Most up-to-date personal information, such as postal address, phone number and email address. These are all attributes of trust that the entire EGA service is based on.

  13. EGA AAI ELIXIR pilot project 2012-2013 • The pilot project has two goals: • Authentication – to provide a technical solution that allows federated identity to be used during EGA authentication process at the website. • Authorization – to create an electronic workflow that supports data access application from an appropriate Data Access Committee (DAC) and store access permissions within EGA system. REMS - http://www.terena.org/publications/tnc2013-proceedings/

  14. EGA public website describing the study

  15. EGA webpage describing the dataset

  16. EGA webpage allowing data requests

  17. Authentication and Authorization • The EGA website is running on Drupal. • Authentication is part of the Drupal user management system. • Authorization layer is a custom-made solution for the EGA. • EGA users with data access permissions are created using secure tools.

  18. Authentication and Authorization • Federated identity authentication is implemented using Shibboleth. • Users must link federated identity to the EGA created Drupal account before data access authorizations are made available.

  19. GEANT – GN3plus - Enabling Users pilot • Pilot project April 2013 – March 2015 • Link EGA (and REMS) as a service provider (SP) to eduGAIN partner federations. • Address Level of Assurance related to the federated identities. • Address those users that do not have federated identity support from home organisation. • Currently addressing resources, deliverables and milestones.

  20. Addressing issues related to eduGAIN integration • Level of Assurance (LoA) • Proof of identity at the point of creating federated identity. • Separating group accounts from those linked to a single person. • Account termination or re-cycle protocols. • Changes in the national policy documents: • Some documents are not in English. • Keeping up to date with changes to general policies or national implementation of these policies. • EBI requires a dedicated LoA contact person from eduGAIN. • EGA supports the GEANT Code of Conduct

  21. Summary • The EGA is a service that allows researchers to access data produced by biomedical research projects. • The ELIXIR AAI pilot project changed the way we authenticate and authorize our data users. This process was not just a technical implementation on our end. • The EGA is now looking into eduGAIN to provide globally the same authentication service currently available for HAKA identities. • The main issues associated with federated identity relate to level of assurance (LoA) – is it possible to classify identities based on LoA in the future?

  22. Acknowledgements • Funding: European Commission Framework Programme 7 • EBI: Dylan Splading, Vasudev Kumanduri, Jeff Almeida-King, Saif Ur-Rehman, Jagasree Kanda, Thomas Laurent, Brendan Vaughan, Pedro Albuquerque, Jonathan Barker, Justin Paschall • CSC and FIMM: Tommi Nyrönen, Mikael Linden, Janne Lauros, Juha Muilu, Timo Miettinen, Teemu Perheentupa. • GEANT: Ann Harding, Lukas Hämmerle, Lalla Mantovani, Wolfgang Pempe
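
The linking rule on slide 18 (a federated login only receives data access authorizations once it is linked to the EGA-created account), together with slide 12's concern about shared and duplicate accounts, can be sketched as below. This is an added example, not EGA's Drupal or Shibboleth code; the class names, the one-identity-per-account rule and the sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


class LinkError(Exception):
    """Raised when a federated identity cannot be linked to a local account."""


@dataclass
class LocalAccount:
    username: str
    datasets: set = field(default_factory=set)  # permissions attached by a DAC
    federated_id: Optional[str] = None          # set once the user links


class AccountStore:
    def __init__(self):
        self.accounts = {}    # username -> LocalAccount
        self.by_fed_id = {}   # federated identifier -> username

    def add(self, username, datasets=()):
        self.accounts[username] = LocalAccount(username, set(datasets))

    def link(self, username, local_login_ok, federated_id):
        """Bind one federated identity to one local account (assumed rule)."""
        if not local_login_ok:
            raise LinkError("local account login required to link")
        if not federated_id:
            raise LinkError("IdP released no user identifier")
        owner = self.by_fed_id.get(federated_id)
        if owner not in (None, username):
            raise LinkError("identity already linked to another account")
        account = self.accounts[username]
        if account.federated_id not in (None, federated_id):
            raise LinkError("account already linked to another identity")
        account.federated_id = federated_id
        self.by_fed_id[federated_id] = username

    def datasets_for(self, federated_id):
        """Authorizations released to a session authenticated via the federation."""
        username = self.by_fed_id.get(federated_id)
        if username is None:
            return frozenset()  # authenticated but unlinked: nothing released
        return frozenset(self.accounts[username].datasets)


def demo():
    store = AccountStore()
    store.add("ega-user-1", {"DATASET-A"})   # constructed sample data
    before = store.datasets_for("alice@university.example")
    store.link("ega-user-1", True, "alice@university.example")
    return before, store.datasets_for("alice@university.example")
```

Linking requires both a successful local login and an identifier asserted by the home organisation, so neither credential alone is enough to pick up another account's permissions.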
