This page contains the details of the surveys and interviews that are being performed by JRA1.1 with user communities, research infrastructures, e-infrastructures, and other stakeholders of the AARC project.


Surveys

BioVel

BioVel supports researchers in the domain of ecology, biodiversity and ecosystems science.

...

In detail we use AAI:

  1. In our Discovery Tool (ExLibris Primo) to access research papers and electronic resources, display and download full-text from e-journals and e-books, discovery tool e-shelf. To search databases or electronic journals directly.
  2. OPAC services: access to users' personal area, book reservations, loan renewals; interlibrary loan and document delivery requests using the university online forms or SFX form. Access to the digital library of SebinaYou (Data Management).
  3. Online services of the library: photocopying, scanning of documents, printing.
  4. Institutional repository: loading of documents in the Institutional Repository (ARCA-Iris Cineca); loading of doctoral theses in the institutional repository of theses (DSpace).

We need to find a solution with ExLibris to access Primo and our resources from the discovery tool interface using AAI.

What is the current experience with AAI of your community?

...

Has your community/research infrastructure already used AAI solutions for their use case?

Yes.

What benefits do you see for Federated Access?

...

  • Lack of technical knowledge.
  • It is unclear how to organise an Identity Management (IdM).
  • It is unclear if the IdM should be internally or externally done.
  • There is no clarity in the organization about the benefits of using an IdM.
  • We already have an IdM but it is not completely compatible with SAML/OpenID or other industry-standards.
  • Too much bureaucracy to join a federation.
  • Other: There are still a lot of publishers who are not members of the federation and for libraries it seems important to provide users with a unique way of accessing electronic resources.

...

  • The Management doesn’t consider that important.
  • Not enough funds/resources (human resources).

What is the user experience in the interaction with the available AAI solutions?

...

It would be useful to present online guides and tutorials in the webpages where the users access ER and need instructions. Tutorials should be easy and user-friendly.

Do you see the need for trainings to better inform representatives of members in your research area?

...

We use eduPersonScopedAffiliation with the value assigned by looking in different databases (teachers, students, staff ...) according to the rules of eduPerson.

 

Which IdPs would your users use?

  • Their institutional IdP, part of national federations and eduGAIN.

  • Non federated institutional IdPs.

  • Research community catch-all IdP.

  • Social media: at the moment it is not used, but it would be useful for guest users of university libraries. Facebook credentials would be accepted if certified by one or more institutional users. As for public libraries, Facebook credentials could be certified by other registered users.

...

If yes, whom can we contact to ask further questions on your LoA needs? There is a dedicated task in AARC that investigates LoA.

Yes, for the main university services. Libraries do not need it; they need only a level 1.

...

  1. Resource discovery through a Registry. Users will search the registry and find the description of relevant distributed resources, to be accessed directly from the data provider. Data providers have different policies for access. 
  2.  Creation of integrated databases. This will be developed at experimental level for selected topics. The integrated database will be hosted by the project.

What is the current experience with AAI of your community?

Without federated access, resource discovery is cumbersome, as users are required to log in at different services every time they want to access a resource. This limits the usefulness of the registry. There is no clear perception among partners about the utility of IdM. This is not part of the project's original objectives. No resources are allocated to the task.

...

We suggest developing a pilot use case with one/two project partners and then moving to implementation with a larger base. Please note that the project will end in January 2017, so at least the pilot must be implemented by then.

Interviews


Lifewatch

Lifewatch overview

Lifewatch (LW) is an ESFRI, more information about the LW overall objectives here:

...

Penetration of the federated AAI

Experience in Spain

...

At the moment in Spain many institutions are not part of eduGAIN, since they are supporting a previously established national federation, PAPI, which is not SAML2 compliant. Some of the institutes are migrating, and the goal would be to federate LW portals and services to eduGAIN.

...

In other countries, for example Portugal, the penetration of the SAML2 standard in the federation is more advanced and the link with eduGAIN should be achievable without much effort.

EPOS

EPOS is integrating the diverse European Research Infrastructures for solid Earth Science, and will build on new e-science opportunities to monitor and understand the dynamic and complex solid-Earth System.

The existing national RIs for solid Earth science in Europe generate data and information and are responsible for the operation of instrumentation in each country. They represent the starting point of the EPOS integration plan. The national RIs have a significant economic value both in terms of construction and yearly operational costs, which are typically covered by national investments that will continue during EPOS construction and operation.

The Thematic Core Services constitute the community-specific integration. They represent a governance framework where data and services are provided and where each community discusses its specific implementation and sustainability strategies as well as legal and ethical issues.

The Integrated Core Services represent the novel e-infrastructure consisting of services that will allow access to multidisciplinary data, data products, and synthetic data from simulations, processing and visualization tools.

The key element of the ICS is the central hub (ICS-C), where users can discover and access data and data products available in the TCS and NRIs, as well as a set of services for integrating and analysing multidisciplinary data. The interface between TCS and ICS is the compatibility layer, which organizes communication and exchange of information.

The ICS-C will also provide access to distributed computational resources for visualizing, processing and modelling data and data products. These distributed computational resources form the distributed ICS (ICS-d) and include access to supercomputing and facilities as well as to visualization, processing and modelling tools.

AAI Use case

The user needs to delegate the central services to act on the distributed data. Central services must be able to search for the data, move the data from one repository to another (usually from a TCS to an ICS) and submit processing tasks that can access the data moved into the ICS, on behalf of the user. Delegation is therefore a critical requirement for access to data repositories.

The user communities within EPOS often did not have authentication mechanisms (e.g. seismologists), and some of them have a preference for eduGAIN and SAML2 and have started moving in this direction.

Depending on the dataset, data can be sensitive: unauthorized access can cause economic damage or ethical issues. In general, access control must be ensured.

In general, the use case will be to implement authentication and authorization for the EPOS infrastructure, maintaining interoperability with the e-infrastructures that support the community: EGI, EUDAT, and also PRACE for HPC.

A specific computational use case is the VERCE one:

  • The user needs to produce simulations.
  • The simulation framework requires access to real RAW data that matches the simulation, to be used in the processing. The framework accesses and downloads (on behalf of the user, if needed) the RAW data and puts it in temporary storage to be accessed multiple times by the computing framework.
  • The computational tasks are submitted to an HPC (cloud or HTC) facility on behalf of the user.
  • The RAW data is available in a repository in a TCS, while the storage used during the processing and the output storage are provided by e-infrastructures such as EUDAT or EGI.

EISCAT 3D

EISCAT Scientific Association is funded by six research councils. The operations of the facilities are divided in two halves: one is a common programme for joint activities, and the other is distributed among the associates according to funding. The lower levels of data gathered are available only to the associate countries, and in the non-common half each associate has exclusive rights for one year. In recent years, a programme for smaller organisations has been opened to operate the facilities at relatively small cost. These affiliate organisations have the right to data for one year after the date of observations.

Data access control has so far been based on the IP address, but with the inclusion of affiliates this becomes more and more complicated. Also, downloads are not logged, meaning there is no way of communicating to the users any new information about problems with the data they have taken. Also, for the reporting to the owners, no information is recorded about what kind of study the data has been downloaded for.

The data access policies are:

  • In some countries (full partners of EISCAT) all the users/researchers of the country can access the data.
  • In other countries there may be affiliated institutions eligible to access, but only employees of the institutions can access.
  • The access policy database for most of the use cases contains only the country, without higher granularity of information.

The highest level of assurance is required for those accessing the radar facility itself to schedule specific analysis; authorization is usually managed by the radar site.

The EISCAT architecture is, at a very high level, composed of one or more of the following facilities/entities:

  • Radar site, where data is produced
  • Operations centre, which provides, among other services, computing and storage
  • Processing sites
  • User portal, where the users can connect to browse available data and access the EISCAT services in the operations centre. All the interactions of the users are through the portal(s), where users can search/move the data within the EISCAT infrastructure, but also download the data.

The use case here would be a good way to authenticate who downloads data, and possibly why. An 'EISCAT' certificate for users could include who, why, when and how the user will handle the data. One could think of different levels of the certificate for different levels of data.

Data becomes open after a certain amount of time, depending on specific policies, but even for access to open data a low level of user authentication is preferable to enable accounting.
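
The access rules described above can be evaluated from federated attributes rather than source IP addresses, with every request recorded for accounting. The following is an added example, not EISCAT or AARC code; the country codes, the affiliate scope, the one-year embargo and the way a user's country is obtained are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed policy data (assumptions, not EISCAT's real tables).
PARTNER_COUNTRIES = {"XA", "XB"}            # full partners: any researcher in the country
AFFILIATE_SCOPES = {"affiliate.example"}    # affiliates: employees of the institution only
EMPLOYEE_VALUES = {"employee", "staff", "faculty"}  # eduPerson affiliation vocabulary
EMBARGO = timedelta(days=365)               # assumed; the page says it depends on policy

@dataclass
class User:
    subject: str              # identifier released by the IdP ("" if unauthenticated)
    scoped_affiliation: str   # eduPersonScopedAffiliation, e.g. "staff@affiliate.example"
    country: str              # assumed to be derived from the IdP's home federation

@dataclass
class Dataset:
    name: str
    owner: str                # partner country code or affiliate scope holding the rights
    observed: date

def decide(user, ds, purpose, today, audit):
    """Return (allowed, reason); record who, what, why and when for every request."""
    value, _, scope = user.scoped_affiliation.partition("@")
    if not user.subject:
        verdict = (False, "authentication-required")  # even open data needs accounting
    elif today >= ds.observed + EMBARGO:
        verdict = (True, "open-data")
    elif ds.owner in PARTNER_COUNTRIES and user.country == ds.owner:
        verdict = (True, "partner-country")
    elif ds.owner in AFFILIATE_SCOPES and scope == ds.owner and value in EMPLOYEE_VALUES:
        verdict = (True, "affiliate-employee")
    else:
        verdict = (False, "embargoed")
    audit.append({"who": user.subject, "dataset": ds.name, "why": purpose,
                  "when": today.isoformat(), "allowed": verdict[0], "reason": verdict[1]})
    return verdict

if __name__ == "__main__":
    log = []
    alice = User("alice@uni.example", "student@uni.example", "XA")  # constructed user
    run = Dataset("run-a", "XA", date(2016, 1, 10))                 # constructed dataset
    print(decide(alice, run, "ionosphere study", date(2016, 6, 1), log), log[-1])
```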

The Operation Centre is a central facility where data is pre-processed and stored. To further process the data, users have to stage it to other facilities (processing sites), where temporary storage is provided together with computing services. Some parts of the data cannot be staged/moved, and therefore the computing tasks must be able to access the central repository in the operations centre on behalf of the user.

The EISCAT 3D use case requires interoperability between e-infrastructures: EGI, EUDAT, PRACE.

HUMAN BRAIN PROJECT

HBP is working on enabling AAI on the following platforms (other platforms to come):

Neuroinformatics

One of the HBP's most important objectives is to make it easier for neuroscientists to organise and access the massive volumes of heterogeneous data. The HBP will use these tools to develop detailed multi-level atlases of the rodent and human brains, bringing together data from the literature, and from on-going research, and providing a single source of annotated, high quality data for the HBP modelling effort and for the international neuroscience community. Another key feature of the platform will be support for Predictive Neuroinformatics: the mining of large volumes of data and analysis of activity data to identify patterns and relationships between data from different levels of biological organisation, making it possible to predict parameters where experimental data is not yet available and to test and calibrate model implementations.

Neuromorphic computing

Allows non-expert neuroscientists and engineers to perform experiments with configurable Neuromorphic Computing Systems (NCS) implementing simplified versions of brain models developed on the Brain Simulation Platform as well as on generic circuit models.

Neuro-robotics

The Neurorobotics Platform will offer scientists and technology developers a software and hardware infrastructure allowing them to connect pre-validated brain models to detailed simulations of robot bodies and environments and to use the resulting neurorobotic systems in in silico experiments and technology development.

HPC

Provide the HBP Consortium and the broader European neuroscience community with supercomputing, Big Data and Cloud capabilities at the exascale, as well as the system software, middleware, interactive computational steering and visualisation support necessary to create and simulate multi-scale brain models and to address the hard-scaling challenges of whole brain modelling.

Collaboratory

Provide the central services to support all the other platforms. This will also include a catch-all IdP for the HBP users.

Authorization is often delegated to the service provider. Group authorization can be implemented centrally, but access to the resources is always vetted by the service provider. This is the case, for example, for the HPC platform.

Some of the services are behind high-level-of-assurance authentication of the users, e.g. users must provide a copy of their passport to the service provider. This is the case, for example, for the HPC platform or the Neuromorphic one.

HBP Users types

  • Some are researchers from public research/education institutions.
  • HBP also expects to have companies and individuals as users.
  • Many users join the collaboration by invitation.
  • HBP is highly interested in a PID to uniquely identify the users and HBP is looking for potential external sources of such PID.
  • Inclusiveness is a critical feature of every AAI implementation for HBP.


HBP is working on an AAI infrastructure to also enable users outside HBP; this will include:

  • Authentication interfaces
  • Authorization tokens
  • Support for SAML2 based technology (ECP profile)

HBP services are likely to use OpenID Connect for authentication. HBP is an international collaboration that spans multiple continents.