Virtual Organisations for Trials and
Epidemiological Studies (VOTES) –
Experiences & Prototypes after 1 year
Prof Richard Sinnott
Technical Director National e-Science Centre
University of Glasgow r.sinnott@nesc.gla.ac.uk
E-Science Institute Neuro- workshop,
28 th November 2006

Clinical Trials 101
Need to answer questions such as
How many men in Scotland between the ages of 45-65 had a heart attack in the last 5 years? Of those that did, would they be interested in trialling a new drug to prevent possible further serious major events?

Recruitment!
For recruited men, are they regularly taking the new drug (or placebo)? Do they visit their GP/hospital regularly for the drug/placebo, to give samples, for monitoring purposes? Did they have any further major events (or side-effects) in taking the drug?

Data collection!
Who can see the information associated with this trial? Can a hospital doctor, nurse see all of given patients data? Only their
GP? A clinical trials researcher? Who ensures that a study is in the patients interest? Can we simplify the ethical review process?
Who checks the validity of trial results?

Study management!
E-Science Institute Neuro- workshop,
28 th November 2006

VOTES
Virtual Organisations for Trials and Epidemiological Studies
3 year (£2.8M) MRC funded project started October 2005
Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study



Recruitment of potentially eligible participants
Data collection during the study
Study administration and coordination
– Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial
» Strong links with UK Biobank
CVO-2
(e.g. for recruitment)
Clinical Virtual Organisation Framework
Used to realise
CVO-1
(e.g. for data collection)
Disease registries
GPs
GLA
Transfer
Grid
Lei-
Nott
OX
IMP
Hospital databases
Clinical trial data sets
E-Science Institute Neuro- workshop,
28 th November 2006

Data Grid vs Compute Grid vs Information
Grid vs Campus Grid vs Enterprise Grid vs
…
Web services
Globus
OMII-UK
EGEE/gLite
…
E-Science Institute Neuro- workshop,
28 th November 2006

Fine grained security

AAAA
Access/integration of rich variety of clinical data sets
Ease of use for end users
Single sign-on to various remote resources
Site autonomy/manageability for local admins
Scalability for large scale virtual organisations
Controlled dynamicity of users, resources, policies…
…
– HYPOTHESIS: Shibboleth + Grid + advanced authorisation infrastructures can address these issues
E-Science Institute Neuro- workshop,
28 th November 2006

Grid Security
A
A
A A
Users like usernames/passwords
Provide them (once!)
Users don’t like/understand X.509 based PKI
Forget training, education for most users!

$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem!
The vast majority most certainly won’t jump through hoops to get on the Grid

“me-Science” culture
E-Science Institute Neuro- workshop,
28 th November 2006

A
A
A
Identity management issues
Certificate Revocation Lists
When revoked? By whom? How timely?
Strong passwords for private keys
Users write them down, share them, forget them
Privilege Management
Numerous domains where never get access to local account to “do stuff”

I need to access your NHS DB to run queries, change tables, run arbitrary code…
At NeSC Glasgow we have focused on
 improving
A
A
A
A and
AA
A
A
E-Science Institute Neuro- workshop,
28 th November 2006

Improving “A”
A A A
Best to exploit local authentication
Sites know best if users still at institution and are best placed to state what their privileges are/should be
Introducing Shibboleth
E-Science Institute Neuro- workshop,
28 th November 2006

Introducing Shibboleth
Shibboleth ( http://shibboleth.internet2.edu
)
Definition
Shibboleth [Hebrew for an ear of corn, or a stream or flood]
1. A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The
Ephraimites, not being able to pronounce sh, called the word sibboleth. See --Judges xii.
2. Hence, the criterion, test, or watchword of a party; a
 party cry or pet phrase. ]
Shibboleth will replace Athens as access mgt system across UK academia
– i.e. this is main stream and not (weird) Grid solutions!
Federations based on trust

 or more accurately trust but verify numerous international federations exist MAMS, SWITCH, HAKA, SDSS…
E-Science Institute Neuro- workshop,
28 th November 2006

Typical Shibboleth Scenario
Identity Provider
LDAP
AuthN
Home Institution
Federation
Service provider
5. User accesses resource
W.A.Y.F.
User
1.
User points browser at Grid resource/portal (or non-Grid resource)
E-Science Institute Neuro- workshop,
28 th November 2006
Grid resource
/ portal

It’s a start, but…
Benefit from local authentication but really want finer grained control…
I know you have authenticated, but I need to know that you have sufficient/correct privileges to access my VO resources can also return various other information needed to support authorisation decisions

At NeSC we have been working extensively with PERMIS
E-Science Institute Neuro- workshop,
28 th November 2006

Role Based Access Controls
Basic idea is to define:
roles applicable to specific VO
 roles often hierarchical
– Role X ≥ Role Y ≥ Role Z
– Manager can do everything (and more) than an employee can do who can do everything (and more) than a trainee can do
actions allowed/not allowed for VO members
resources comprising VO infrastructure (computers, data resources etc)
A policy then consists of sets of these rules

{ Role x Action x Target }

– Can user with VO role X invoke service Y on resource Z?
Policy itself can be represented in many ways, e.g. XML, XACML, …
Tools available for policy editing, associating users with roles, signing policies etc
Policies stored as attribute certificates in LDAP server

Digitally signed/tamper proof!
E-Science Institute Neuro- workshop,
28 th November 2006

Finer Grained Shibboleth Scenario
Service provider Identity Provider
LDAP
AuthN
Shib
Frontend
Home Institution
Federation
6. Make final AuthZ decision
5. Pass authentication info and attributes to authZ function
W.A.Y.F.
User
1. User points browser at Grid resource/portal
E-Science Institute Neuro- workshop,
28 th November 2006
Grid Portal

Ok, but…
I can do authorisation but I want singlesign on to lots of distributed resources
Browser allows to keep session information so can access other resources without signing in again


Provided authorisation information valid for different service providers
– Each service provider completely autonomous
Can configure attribute release/attribute acceptance policies per identity provider/service provider
E-Science Institute Neuro- workshop,
28 th November 2006

Trials & Tribulations of Scottish
Clinical Data Space
Scottish Data Space…
Scottish Care Information (SCI) Store
Scottish Morbidity Records (SMR)
General Practitioners Administration System for Scotland (GPASS)
Data dictionary
…
Consent database
E-Science Institute Neuro- workshop,
28 th November 2006

SCI Store
Batch-type system that regional health authorities use
Includes






 lab results, biochemical, haematology, pathology, microbiology, radiology
…
Front end web based tools

 input data, querying
E-Science Institute Neuro- workshop,
28 th November 2006

SCI Store…ctd
16 SCI stores across Scotland
Atos Origin commercial supplier of technology each have their own schemas collecting different data sets
NeSC been given SCI store software
Includes training data sets

These data sets are partial at best right now
– ~100 tables in schema, but only 10 tables used in data provided
SQLServer back-end database
E-Science Institute Neuro- workshop,
28 th November 2006

A Quick Tour of SCI Store
E-Science Institute Neuro- workshop,
28 th November 2006

Scottish Morbidity Records
Good quality data sets put together by ISD







Historic SMR1 Discharges January 1981 - March 1997
COPPISH SMR01 Discharges April 1997 onwards
Historic SMR4 Discharges 1981 – March 1997
COPPISH SMR04 Admissions April 1996 onwards
GRO Death Records January 1980 - December1995
GRO Death Records January 1996 onwards
SOCRATES (Cancer Registrations) 1980 onwards
(Still) negotiating access to anonymised SMR data sets
E-Science Institute Neuro- workshop,
28 th November 2006

GPASS
General Practice Administration System for
Scotland (GPASS) used by over 85% of GPs in Scotland
 links from SCI Store to GPASS access to GPASS software with training data sets

XML API available for querying
– www.gpass.co.uk
E-Science Institute Neuro- workshop,
28 th November 2006

Data Dictionary
Includes vocabulary for
SMR data
Clinical data
Social care data

Negotiating access to
DB back end or web service front end to this

Will link to data federation framework
/ tools
E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

Data Linkage
Achieved through Community Health
Index (CHI) number
10-character code consisting of




6-digit date of birth (DDMMYY) two digits
9th digit which is always even for females and odd for males arithmetical check digit
Was scheduled for complete roll-out by 6-6-6
E-Science Institute Neuro- workshop,
28 th November 2006

Distributed Data Framework
E-Science Institute Neuro- workshop,
28 th November 2006

VOTES Demonstrator(s)
Various proof of concept clinical trials linking SCIStore, GPASS, Consent DBs
Brain Trauma network ( www.brainit.org
)
Collecting various data sets from brain trauma patients across Europe
Centrally maintained repository in Glasgow
Southern General Hospital
MRI images
Physiological data sets
We have been given anonymised versions of these data sets
E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006

UK Shibboleth federation based around small set of pre-agreed attributes based on eduPerson schema
eduPersonScopedAffiliation: indicates the user’s relationship
(e.g., staff, student, etc) within the institution;
eduPersonTargetedID: needed when an SP is presented with an anonymous assertion only, e.g. eduPersonScopedAffiliation. This attribute provides a persistent user pseudonym;
eduPersonPrincipalName: used where a persistent user identifier consistent across different services is needed;
eduPersonEntitlement: enables an institution to assert that a user satisfies an additional set of specific conditions that apply for access to a particular resource
Grid vision for dynamic virtual organisations
Add, remove, change people, institutes, their privileges on the fly for changing sets of resources as required by the VO
E-Science Institute Neuro- workshop,
28 th November 2006

Dynamic Virtual Organisations for e-Science
Education (DyVOSE) project
Delegation issuing service

Remote Source of Authority trusts me to assign their roles to my users
– Also allows me to delegate to someone else potentially at a remote site
– I trust them to assign roles to my users directly
E-Science Institute Neuro- workshop,
28 th November 2006

Several other projects looking to exploit these kinds of things
Major EPSRC pilot project (£5.3M) on “Meeting the
Design Challenges of nanoCMOS Electronics”
(project just started)

Security essential in this domain including support for IP of data, simulations, processes, licenses,…
Many other life science projects



Grid Enabled Microarray Expression Profile Search
Scottish Bioinformatics Research Network
Biochemical Pathway Simulator
Further proposals building on these solutions

Scottish Grid Service
E-Science Institute Neuro- workshop,
28 th November 2006

E-Science Institute Neuro- workshop,
28 th November 2006