Security-oriented Portals for the Life Sciences
Prof. Richard O. Sinnott
National e-Science Centre
University of Glasgow, Scotland
r.sinnott@nesc.gla.ac.uk
IWPLS 2009,
Edinburgh, 14th September 2009
Overview
NeSC Glasgow
Security and Grid security
– Compute-oriented,
– Data-oriented,
– User-oriented,
– …
Life Sciences at NeSC Glasgow
Data Management through e-Social Science (DAMES)
Disorders of Sex Development (EuroDSD)
Demonstration/videos
Conclusions
NeSC Glasgow
E-Science Hub
Externally
Glasgow end of NeSC
– Involved in numerous UK wide activities/projects
Internally
Focal point for e-Science research/activities at Glasgow
Work closely with foundation departments
– Department of Computing Science
» Established first UK Grid Computing course
– Department of Physics & Astronomy
Also working with other groups including
– Bioinformatics Research Centre,
– Biostatistics
– Electronics and Electrical Engineering
– Clinicians & numerous hospitals across Scotland,
– Arts & Humanities,
– University Services …
NeSC GU now part of University IT Services
[Staff photo captions: J. Jiang; Chris Bayliss; J. Mohammad (PhD); Gordon Stewart; C. Millar; T. Doherty; VPman; S. Hussain (PhD); David Martin (ScotGrid sys-admin); Camera Shy; H. Sarwar]
NeSC Glasgow Projects
Running/Due to Start
Completed
National e-Science Centre (NeSC-I, NeSC-II, NeSC-III)
Dynamic Virtual Organisations for e-Science Education (DyVOSE)
Biomedical Research Informatics Delivered by Grid Enabled Services (BRIDGES)
Grid Enabled Microarray Expression Profile Search (GEMEPS)
GridNet
Glasgow early adoption of Shibboleth (GLASS)
Joint Data Standards Survey (JDSS)
ESP-Grid
GridNet-2
HPC Compute cluster award
Sun industrial sponsorship
OGC Collision
OMII-Security Portlets
OMII-RAVE
Grid Enabled Occupational Data Environment (GEODE)
Towards an e-Infrastructure for e-Science Digital Repositories
Grid enabled Biochemical Pathway Simulator
Virtual Organisations for Trials and Epidemiological Studies (VOTES)
Towards a European e-Infrastructure for e-Science Repositories
Modelling, Inference and Analysis for Biological Systems up to the Cellular Level
Scottish Bioinformatics Research Network (SBRN)
Generation Scotland Scottish Family Health Study
Meeting the Design Challenges of nanoCMOS Electronics (nanoCMOS)
Integrating VOMS and PERMIS for Superior Grid Authorization (VPman)
Drug Discovery Portal
EU FW7 Avert-IT
EU FW7 EuroDSD
Breast Cancer Tissue Biobank
Data Management through e-Social Science (DAMES)
NeSC Research Platform (NRP)
NeSC Information Network (NIN)
Advanced Grid Authorisation through Semantic Technologies (AGAST)
ShinTau (Supporting Multiple Shibboleth Attribute Authorities)
Pharming of Therapeutic RNA
NCeSS Technical Management
CESSDA PPP
Scottish Health Informatics Platform for Research (SHIP)
National E-Infrastructure for Social Simulation (NeISS)
Enhancing Repositories for Language and Literature Researchers (ENROLLER)
SECURITY
Populations
Organisms
Physiology
Organs
Tissues
Cell signalling
Cell
Protein-protein interaction (pathways)
Protein functions
Protein Structures
Gene expressions
Nucleotide structures
Nucleotide sequences
The e-Health Future…
e-Security
Security
Key is that it should support
seamless access to a heterogeneous variety of “distributed” compute and data (and other) resources
– Often domain specific – especially data!
single sign-on
– Authenticate once and access numerous distributed resources
AAAA (+privacy, confidentiality, integrity…)
– Authentication
» (know who “they” are)
– Authorisation
» (decide what “they” can do and enforce it)
– Auditing/accounting
» (keeping track of who did what/when for security checks/charging etc)
Portals good fit here…
Interface to targeted resources
Services, data resources, tools, …
First line of security…
Authentication
A_ _ _
Authentication – knowing your punters
X509-based Public Key Infrastructures (PKI)
– Hated by all non X509-PKI Grid folk
» (=99.9% of people academics/researchers)
– Should never have to be made visible to users!
– $> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem
Ouch!
More User Oriented Security
A_ _ _
Federated Authentication, e.g. through Shibboleth
Log-in once and roam
[Diagram labels: User; Service provider; Web site/e-Journal; W.A.Y.F.; Federation; Home Institution; Identity Provider; AuthN; LDAP]
1. User points browser at Grid resource/portal (or non-Grid resource)
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user
5. User accesses resource
_A__
Authorisation
Defining what they can do, and defining and enforcing rules
Each site will have different rules/regulations
Also known as Virtual Organisations (VO)
Collection of distributed resources shared by collection of users from one or more organizations typically to work on common research goal
– Provides conceptual framework for rules and regulations for resources to be offered/shared between VO institutions/members
– Different domains place greater/lesser emphasis on expression and enforcement of rules and regulations (policies)
[Diagram: VO spanning Org1 {Resources} {Users} ... Orgn {Resources} {Users}]
Shibboleth-based Federated VOs
[Diagram labels: User; Grid Portal; Service provider; Shib Frontend; AuthZ; LDAP; Grid Application; W.A.Y.F.; Federation; Home Institution; Identity Provider; AuthN; uid]
1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision
Privileges, Resources, Access Control and Trust
[Diagram labels: User; Grid Portal; Service provider; Shib Frontend; LDAP; Grid Application; W.A.Y.F.; Federation; Home Institution; Identity Provider; AuthN; AuthZ; uid]
1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision
SPAM-GP Portlets
Family of JSR-168 compliant portlets for VO admins:
– scoped attribute management portlet (SCAMP)
» Who do you trust?
– dynamic portal configuration management (CCP)
» What you can see is what you can do.
– attribute certificate portlet (ACP)
» securely push attributes out to collaborators and use them when accessing protected services
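Added example, not code from the talk or from the SPAM-GP portlets: a Python illustration of steps 5 and 6 of the Shibboleth flow (pass the attributes pushed by the home site to an authZ function, then make the final decision), using a scoped trust policy in the spirit of "Who do you trust?" and attribute-driven portlet visibility in the spirit of "What you can see is what you can do". The IdP entity IDs, role names, portlet names and function names are all assumptions constructed for illustration.

```python
# Added illustration; every identifier, IdP entity ID and role is constructed.

# Scoped trust policy: which attribute values the service provider
# accepts from which identity provider.
TRUSTED_SCOPES = {
    "https://idp.home-a.example/shibboleth": {"role": {"dsd-clinician", "vo-admin"}},
    "https://idp.home-b.example/shibboleth": {"role": {"dsd-clinician"}},
}

# Portal configuration: the role needed to be shown, and to use, each portlet.
PORTLET_REQUIRES = {
    "registry-query": "dsd-clinician",
    "registry-upload": "dsd-clinician",
    "vo-administration": "vo-admin",
}


def filter_attributes(idp, asserted):
    """Drop every asserted value the policy does not let this IdP vouch for."""
    allowed = TRUSTED_SCOPES.get(idp, {})  # unknown IdP: nothing is trusted
    accepted = {}
    for name, values in asserted.items():
        kept = set(values) & allowed.get(name, set())
        if kept:
            accepted[name] = kept
    return accepted


def visible_portlets(idp, authenticated, asserted):
    """Final authZ decision: default deny, decide on trusted attributes only."""
    if not authenticated:
        return []
    roles = filter_attributes(idp, asserted).get("role", set())
    return sorted(p for p, need in PORTLET_REQUIRES.items() if need in roles)


def decide(idp, authenticated, asserted, portlet):
    """Enforcement point: the same decision guards the request, not just the menu."""
    return portlet in visible_portlets(idp, authenticated, asserted)
```

The second IdP can assert "vo-admin" as often as it likes; the scoped policy discards the value before the decision is made, so the administration portlet is neither shown nor usable.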
Demonstration
Data, Data Everywhere…
Data Management through e-Social Science (DAMES – www.dames.org.uk)
Various data management themes
Occupational data theme
– builds on GEODE project (www.geode.stir.ac.uk)
Education data theme (GEEDE)
Minorities/Ethnicity theme (GEMDE)
E-Health theme (GEHDE)
– Initial focus on depression, self-harm and suicide
» Does the number of people in a household have any effect on suicide rates?
» Is there a correlation between age, sex, marital status, history of drug use (including prescribing drugs / anti-depressants) on suicide?
» What is relation with access to parkland/green fields on depression?
» What is optimal way to treat different forms of depression, e.g. drug treatments, therapists, …?
» …
Data, Data Locked Away Everywhere…
GEHDE
Linking clinical data with social science data for research into self harm, depression and suicide
Scottish Morbidity Records (SMR)
– Aggregated clinical records from last 30+ years across Scotland
» SMR01A General acute inpatient and day case discharges (3,719,206 records)
» SMR04A Psychiatric and mental handicap hospitals and units: admissions, residents and discharges (241,599 records)
» SMR06A Scottish cancer registrations (171,167 records)
» SMR99A Deaths (173,615 records)
– All SMR data contain various geographical indicators for instance postcode, regional areas, council areas, census output areas
General Practitioners Administration System for Scotland (GPASS)
– E-Pharmacy
» Prescriptions issued for drugs across Scotland, e.g. anti-depressants
Census health related data
– CasWeb / MIMAS
Geospatial data
– www.edina.ac.uk
Demonstration
Example of EuroDSD
Investigation of the molecular pathogenesis and pathophysiology of Disorders of Sex Development (DSD) - EuroDSD
3-year project started May 2008
Builds on initial software prototypes built for ESPE by NeSC
Support for research into disorders of sex development
– Currently quite topical
Clinical Contributors across Europe
– Germany, France, UK, Sweden, Italy, Netherlands, …
EuroDSD Work
WP1 - Virtual Research Environment (VRE) for DSD research
– More later
WP2 - Identification of novel genetic markers for DSD
– Design and validate a DSD GeneChip
– Identify and confirm novel genetic markers of DSD
WP3 - Functional assessment of androgen receptor (AR) mutant analysis
– Europe-wide study of patients with partial androgen insensitivity syndrome (PAIS) to correlate phenotype, AR mutation and function in vitro with pubertal outcome
WP4 - Characterization of the “androgen-memory”
– high throughput methylation analyses related to phenotype, genotype, molecular androgen receptor (AR) function
WP5 - Steroid Metabolomics
– steroid profiling as discovery tool for patients with 46,XY DSD
WP6 - DSD e-learning webportal
– interactive learning environment for up to date program on DSD
WP7 – Project Management
EuroDSD::WP1
At the heart of the VRE is the Registry for registering cases
“…we expect that around 1800 primary cases will fulfil the requirements for data entry, approximately 300 from each centre”
Other tools
Collaborative tools, e.g. wikis, Bioinformatics tools
[Diagram labels: SECURE PORTAL / VRE; Registry; Core Data; OtherData; registration; upload; consent; query; edit; delete; discuss; Bioinformatics tools; BLAST; Gene Screening; Biochemical simulators]
Demonstration
Registry Statistics
As of last night
… 302 cases and moving in the right direction!
Conclusions
Continuing to work in this space
Many domains have different demands and expectations
– nanoCMOS electronics did not like portal based solutions
– Life scientists/other researchers accept them more readily
Scottish Health Informatics Platform for Research
3 year project £3.5m funded by Wellcome Trust, EPSRC, ESRC, MRC
Started April 2009
– Includes ~£1m for the NHS
» Essential to support collaboration