Virtual Organisations for Trials and Epidemiological Studies (VOTES) – Experiences & Prototypes after 1 year

Prof Richard Sinnott

Technical Director National e-Science Centre

University of Glasgow

E-Science Institute Neuro- workshop, 28th November 2006

Clinical Trials 101

Need to answer questions such as

How many men in Scotland between the ages of 45-65 had a heart attack in the last 5 years? Of those that did, would they be interested in trialling a new drug to prevent possible further serious major events?


For recruited men, are they regularly taking the new drug (or placebo)? Do they visit their GP/hospital regularly for the drug/placebo, to give samples, for monitoring purposes? Did they have any further major events (or side-effects) in taking the drug?

Data collection!

Who can see the information associated with this trial? Can a hospital doctor, nurse see all of a given patient’s data? Only their GP? A clinical trials researcher? Who ensures that a study is in the patient’s interest? Can we simplify the ethical review process?

Who checks the validity of trial results?

Study management!



Virtual Organisations for Trials and Epidemiological Studies

3 year (£2.8M) MRC funded project started October 2005

Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study

Recruitment of potentially eligible participants

Data collection during the study

Study administration and coordination

– Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial

» Strong links with UK Biobank


[Diagram labels: Clinical Virtual Organisation Framework; Used to realise; (e.g. for recruitment); (e.g. for data collection); Disease registries; Hospital databases; Clinical trial data sets]


Grid Background

What is a Grid?

Data Grid vs Compute Grid vs Information Grid vs Campus Grid vs Enterprise Grid vs

Technologies for Grids

Web services





E-Health Grids…

Essential that they offer

Fine grained security


Access/integration of rich variety of clinical data sets

Ease of use for end users

Single sign-on to various remote resources

Site autonomy/manageability for local admins

Scalability for large scale virtual organisations

Controlled dynamicity of users, resources, policies…

HYPOTHESIS: Shibboleth + Grid + advanced authorisation infrastructures can address these issues



Grid Security




Users like usernames/passwords

Provide them (once!)

Users don’t like/understand X.509 based PKI

Forget training, education for most users!

$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem!

The vast majority most certainly won’t jump through hoops to get on the Grid

“me-Science” culture






Identity management issues

Certificate Revocation Lists

When revoked? By whom? How timely?

Strong passwords for private keys

Users write them down, share them, forget them

Privilege Management

Numerous domains where users never get access to a local account to “do stuff”

I need to access your NHS DB to run queries, change tables, run arbitrary code…

At NeSC Glasgow we have focused on improving A and





Improving “A”


Best to exploit local authentication

Sites know best if users still at institution and are best placed to state what their privileges are/should be

Introducing Shibboleth


Introducing Shibboleth

Shibboleth (



Shibboleth [Hebrew for an ear of corn, or a stream or flood]

1. A word which was made the criterion by which to distinguish the Ephraimites from the Gileadites. The Ephraimites, not being able to pronounce sh, called the word sibboleth. See Judges xii.

2. Hence, the criterion, test, or watchword of a party; a party cry or pet phrase.

Shibboleth will replace Athens as access mgt system across UK academia

– i.e. this is mainstream and not (weird) Grid solutions!

Federations based on trust

– or more accurately trust but verify

Numerous international federations exist: MAMS, SWITCH, HAKA, SDSS…


Typical Shibboleth Scenario

[Diagram labels: Identity Provider; Home Institution; Service provider; Grid resource / portal; User points browser at Grid resource/portal (or non-Grid resource); 5. User accesses resource]

It’s a start, but…

Benefit from local authentication but really want finer grained control…

I know you have authenticated, but I need to know that you have sufficient/correct privileges to access my VO resources

can also return various other information needed to support authorisation decisions

At NeSC we have been working extensively with PERMIS


Role Based Access Controls

Basic idea is to define:

roles applicable to specific VO

roles often hierarchical

– Role X ≥ Role Y ≥ Role Z

– Manager can do everything (and more) that an employee can do, who can do everything (and more) that a trainee can do

actions allowed/not allowed for VO members

resources comprising VO infrastructure (computers, data resources etc)

A policy then consists of sets of these rules

{ Role x Action x Target }

– Can user with VO role X invoke service Y on resource Z?

Policy itself can be represented in many ways, e.g. XML, XACML, …

Tools available for policy editing, associating users with roles, signing policies etc

Policies stored as attribute certificates in LDAP server

Digitally signed/tamper proof!
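The { Role x Action x Target } policy with hierarchical roles described on this slide, as an added example in plain Python; it is not code from the talk and does not use the PERMIS API. The role names follow the slide's manager/employee/trainee illustration, while the actions, targets and function names are hypothetical, and policy signing and LDAP storage are not modelled.

```python
# Hypothetical VO role hierarchy: each role maps to the role directly below it
# (Role X >= Role Y >= Role Z on the slide).
SENIOR_TO_JUNIOR = {"manager": "employee", "employee": "trainee", "trainee": None}

# Policy as a set of (role, action, target) rules. Targets and actions are
# constructed for illustration. Anything not listed is denied.
POLICY = {
    ("trainee", "read", "trial-summary"),
    ("employee", "query", "recruitment-db"),
    ("manager", "update", "recruitment-db"),
}


def dominated_roles(role):
    """Return the role followed by every role below it in the hierarchy."""
    chain = []
    while role is not None:
        if role not in SENIOR_TO_JUNIOR:
            raise ValueError(f"unknown role: {role!r}")
        if role in chain:
            raise ValueError("cycle in role hierarchy")
        chain.append(role)
        role = SENIOR_TO_JUNIOR[role]
    return chain


def is_permitted(asserted_roles, action, target, policy=POLICY):
    """Can a user holding these VO roles invoke `action` on `target`?"""
    for role in asserted_roles:
        try:
            effective = dominated_roles(role)
        except ValueError:
            continue  # a role this VO does not define grants nothing
        # A senior role inherits every rule granted to the roles below it.
        if any((r, action, target) in policy for r in effective):
            return True
    return False  # default deny


if __name__ == "__main__":
    for roles, action, target in [
        (["manager"], "query", "recruitment-db"),
        (["employee"], "update", "recruitment-db"),
        (["visitor"], "read", "trial-summary"),
    ]:
        print(roles, action, target, "->", is_permitted(roles, action, target))
```
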


Finer Grained Shibboleth Scenario

[Diagram labels: Service provider; Identity Provider; Home Institution; Grid Portal; 1. User points browser at Grid resource/portal; 5. Pass authentication info and attributes to authZ function; 6. Make final AuthZ decision]

Ok, but…

I can do authorisation but I want single sign-on to lots of distributed resources

Browser keeps session information, so the user can access other resources without signing in again

Provided authorisation information is valid for different service providers

– Each service provider completely autonomous

Can configure attribute release/attribute acceptance policies per identity provider/service provider


Trials & Tribulations of Scottish Clinical Data Space

Scottish Data Space…

Scottish Care Information (SCI) Store

Scottish Morbidity Records (SMR)

General Practitioners Administration System for Scotland (GPASS)

Data dictionary

Consent database


SCI Store

Batch-type system that regional health authorities use


 lab results, biochemical, haematology, pathology, microbiology, radiology

Front end web based tools

 input data, querying


SCI Store…ctd

16 SCI stores across Scotland

Atos Origin commercial supplier of technology

each have their own schemas collecting different data sets

NeSC has been given SCI store software

Includes training data sets

These data sets are partial at best right now

– ~100 tables in schema, but only 10 tables used in data provided

SQLServer back-end database


A Quick Tour of SCI Store


Scottish Morbidity Records


Good quality data sets put together by ISD

Historic SMR1 Discharges January 1981 - March 1997

COPPISH SMR01 Discharges April 1997 onwards

Historic SMR4 Discharges 1981 – March 1997

COPPISH SMR04 Admissions April 1996 onwards

GRO Death Records January 1980 - December 1995

GRO Death Records January 1996 onwards

SOCRATES (Cancer Registrations) 1980 onwards

(Still) negotiating access to anonymised SMR data sets



General Practice Administration System for Scotland (GPASS)

used by over 85% of GPs in Scotland

links from SCI Store to GPASS

access to GPASS software with training data sets

XML API available for querying



Data Dictionary

Includes vocabulary for

SMR data

Clinical data

Social care data

Negotiating access to DB back end or web service front end to this

Will link to data federation framework / tools


Data Linkage

Achieved through Community Health Index (CHI) number

10-character code consisting of

– 6-digit date of birth (DDMMYY)

– two digits

– 9th digit which is always even for females and odd for males

– arithmetical check digit

Was scheduled for complete roll-out by 6-6-6


Distributed Data Framework


VOTES Demonstrator(s)

Various proof of concept clinical trials linking SCIStore, GPASS, Consent DBs

Brain Trauma network (


Collecting various data sets from brain trauma patients across Europe

Centrally maintained repository in Glasgow

Southern General Hospital

MRI images

Physiological data sets

We have been given anonymised versions of these data sets


Dynamicity, Scalability…?

UK Shibboleth federation based around small set of pre-agreed attributes based on eduPerson schema

eduPersonScopedAffiliation: indicates the user’s relationship (e.g., staff, student, etc) within the institution;

eduPersonTargetedID: needed when an SP is presented with an anonymous assertion only, e.g. eduPersonScopedAffiliation. This attribute provides a persistent user pseudonym;

eduPersonPrincipalName: used where a persistent user identifier consistent across different services is needed;

eduPersonEntitlement: enables an institution to assert that a user satisfies an additional set of specific conditions that apply for access to a particular resource

Grid vision for dynamic virtual organisations

Add, remove, change people, institutes, their privileges on the fly for changing sets of resources as required by the VO


Dynamicity, Scalability…?

Dynamic Virtual Organisations for e-Science Education (DyVOSE) project

Delegation issuing service

Remote Source of Authority trusts me to assign their roles to my users

– Also allows me to delegate to someone else potentially at a remote site

– I trust them to assign roles to my users directly


Future Plans

Several other projects looking to exploit these kinds of things

Major EPSRC pilot project (£5.3M) on “Meeting the Design Challenges of nanoCMOS Electronics” (project just started)

Security essential in this domain including support for IP of data, simulations, processes, licenses,…

Many other life science projects

Grid Enabled Microarray Expression Profile Search

Scottish Bioinformatics Research Network

Biochemical Pathway Simulator

Further proposals building on these solutions

Scottish Grid Service

