Resource Entitlement Management System
Manne Miettinen, Mikael Linden, Janne Lauros
CSC – IT Center for Science
Affaire Tournesol

Background
- CSC is a non-profit state company
  – ICT services for research groups & higher education institutes
  – Wide co-operation with universities and research institutes (incl. Statistics Finland)
- CSC has operated the Finnish academic identity federation, Haka, since 2005
  – Switzerland and Finland are the European pioneers in federated identity

Identity federation
[Diagram: organisations with local user accounts (University A, Research Institute B, Polytechnic C) accessing shared services (Service 1: learning management system, LMS; Service 2: e.g. library portal)]

Haka – the federation of Finnish HE
[Diagram: Identity Providers (home universities) and Service Providers]
- Identity Providers (IdP): U of Turku, U of Helsinki, U of Tampere, UAS of Turku, UAS of Helsinki, ...
- Service Providers (SP): National Library portal; institutional Library Management Systems; Learning Management System (Moodle etc.); ASP/SaaS services in university administration; CSC’s services to researchers (HPC, grids) etc.

Haka federation of the Finnish higher education
- Identity Provider maintains the end user’s identities (identifiers, roles and other attributes)
- Identity Provider authenticates an end user
- Identity Provider releases the end user’s attributes to the service provider
- Based on the attributes, the Service Provider decides what kind of services the user is authorised to use

Relying on the REMS access rights
[Diagram: three integration options]
- (a) External attribute provider: the Identity Provider releases attributes to the Service Provider; REMS acts as an Attribute Provider and releases entitlements
- (b) IdP proxy: the Identity Provider releases attributes to an IdP proxy, which adds the REMS entitlements and releases attributes + entitlements to the Service Provider
- (c) Or a custom REMS integration

Identity Federations in Europe
[Map slide]

Federated identity + workflow = REMS
- Basic idea of REMS is to
  – replace the paper-based application process with an automated tool
  – build on top of federated identity to avoid unnecessary and error-prone manual maintenance work of user information

Access to research datasets
0. Fully public access
1. Researcher has a role/group membership – IdP-managed/VO-managed
2. Researcher commits to the datasets’ licence terms
3. Researcher fills in and submits an application – dataset owner approves/rejects
   (Resource entitlement management system, REMS)
Or any combination of 1, 2 and 3.

The REMS concept
[Diagram: Applicant / Principal investigator, Research group (members of the application), DAC 1 and DAC 2 approvers, IdP, SP, REMS (Workflow, Reports, Entitlements, Metadata on datasets 1 & 2), Dataset 1, Dataset 2]
1. Apply for access
2. Commit to licence terms
3. Circulate to approver
4. Approve
5. Access

CASE: Finnish Social Science Data Archive

CASE: process for applying for access to the Nordic Control Database
[Flowchart: swimlanes Principal Investigator, Research group members, Operator, DAC, DAC secretary; phases Submission, Sanity check, Decision, Implementation]
- Submission: Start; fill in or update an application and commit to the terms of use; submit application
- Sanity check: technical check of the application; request amendments; proposes approval or rejection
- Decision: approval, rejection or request to amend the application; informs Operator; informs PI on decision; information on approval or rejection
- Implementation: implementation of DAC’s decision; access grant? Yes: implement access rights for the research group; informs how to access; PI learns access has been granted/denied; research group members learn how to use the access rights; End. No: End

Benefits of REMS
- Reduces throughput times of the application process
- Provides easier reporting/audit tools for owners of the resource and the applicant
- Increases information security also by relying on end users’ home institutions’ usernames/passwords and federated authentication

The REMS implementation
- Created originally in the ELIXIR ESFRI project – Academy of Finland and Ministry of Education and Culture via CSC (i.e. NOT EU FP7, EMBL etc.)
- ELIXIR Finland, hosted at CSC, offers REMS as a service for biomedical data hosting services in ELIXIR
- Discipline-independent
- A Java portlet on Liferay, using the Vaadin framework
- Open source (LGPL)

Work-in-progress
- Development: UI improvements, vulnerability tests, documentation, publish the code, bug fixes and feature requests
- Operations: maintenance, support, helpdesk
- Deployment: new: FSD, TTA, LBR; extend: EGA, biobanking

REMS DEMO

REMS = TAAS?
1. Accredited institution = Identity federation?
2. Requestor’s affiliation = Identity federation (affiliation = ”faculty”)
3. Application must be approved = REMS

Links
REMS
https://remsdemo.csc.fi/
http://www.csc.fi/rems
https://tnc2013.terena.org/core/presentation/18
Identity federation
http://www.edugain.org/technical/status.php
https://refeds.org/
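The slides describe the access levels 0-3 (public, IdP-managed group membership, licence commitment, approved application, in any combination) and the IdP-proxy integration option (b), where REMS entitlements are appended to the attributes the home IdP released. The following Python model is an added illustration, not REMS code: it walks one applicant through the concept's steps and shows what the Service Provider decides at each point. The attribute names follow eduPerson conventions (eduPersonPrincipalName, isMemberOf, eduPersonEntitlement), the entitlement URN prefix and the group name are constructed placeholders, and RemsState is an in-memory stand-in for the REMS workflow records, none of which the slides specify.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

# Constructed placeholder: the slides do not specify REMS entitlement values.
ENTITLEMENT_PREFIX = "urn:example:rems:dataset:"


@dataclass(frozen=True)
class DatasetPolicy:
    """Which of the slides' access levels a dataset requires (any combination of 1-3)."""
    name: str
    public: bool = False                               # level 0: fully public
    required_groups: FrozenSet[str] = frozenset()      # level 1: IdP/VO-managed membership
    requires_licence: bool = False                     # level 2: commit to licence terms
    requires_application: bool = False                 # level 3: approved application


@dataclass
class RemsState:
    """Constructed in-memory stand-in for REMS workflow records (not REMS's own schema)."""
    licences: Dict[str, Set[str]] = field(default_factory=dict)   # user -> datasets committed to
    approvals: Dict[str, Set[str]] = field(default_factory=dict)  # user -> datasets approved

    def commit_to_licence(self, user: str, dataset: str) -> None:
        # Step 2 of the REMS concept: the applicant commits to the licence terms.
        self.licences.setdefault(user, set()).add(dataset)

    def approve_application(self, user: str, dataset: str) -> None:
        # Step 4 of the REMS concept: the approver (DAC) approves the circulated application.
        self.approvals.setdefault(user, set()).add(dataset)

    def entitlements(self, user: str, policies: List[DatasetPolicy]) -> Set[str]:
        """REMS as attribute provider: issue one entitlement per dataset whose
        REMS-managed conditions (licence and/or approval) the user has met."""
        issued: Set[str] = set()
        for p in policies:
            if not (p.requires_licence or p.requires_application):
                continue  # nothing for REMS to decide about this dataset
            if p.requires_licence and p.name not in self.licences.get(user, set()):
                continue
            if p.requires_application and p.name not in self.approvals.get(user, set()):
                continue
            issued.add(ENTITLEMENT_PREFIX + p.name)
        return issued


def idp_proxy(idp_attributes: dict, rems: RemsState, policies: List[DatasetPolicy]) -> dict:
    """Option (b): forward the home IdP's attributes unchanged and append the REMS
    entitlements to eduPersonEntitlement before releasing them to the SP."""
    user = idp_attributes["eduPersonPrincipalName"]
    released = dict(idp_attributes)
    existing = set(idp_attributes.get("eduPersonEntitlement", set()))
    released["eduPersonEntitlement"] = existing | rems.entitlements(user, policies)
    return released


def sp_decision(attributes: dict, policy: DatasetPolicy) -> bool:
    """Service Provider side: authorise from the released attributes only. Group
    membership comes from the IdP; licence/approval state arrives as a REMS entitlement."""
    if policy.public:
        return True
    if not policy.required_groups <= attributes.get("isMemberOf", set()):
        return False
    if policy.requires_licence or policy.requires_application:
        return ENTITLEMENT_PREFIX + policy.name in attributes.get("eduPersonEntitlement", set())
    return True


def run_scenario() -> Dict[str, bool]:
    """Walk one applicant through the REMS steps and record the SP decision at each point."""
    policies = [
        DatasetPolicy("open-survey", public=True),
        DatasetPolicy("register-extract",
                      required_groups=frozenset({"urn:example:group:researchers"}),
                      requires_licence=True, requires_application=True),
    ]
    register = policies[1]
    rems = RemsState()
    # Constructed IdP assertion for the applicant (all values are placeholders).
    alice = {"eduPersonPrincipalName": "alice@university-a.example",
             "isMemberOf": {"urn:example:group:researchers"}}
    results: Dict[str, bool] = {}
    results["public_dataset"] = sp_decision(idp_proxy(alice, rems, policies), policies[0])
    results["before_licence"] = sp_decision(idp_proxy(alice, rems, policies), register)
    rems.commit_to_licence(alice["eduPersonPrincipalName"], register.name)    # step 2
    results["licence_only"] = sp_decision(idp_proxy(alice, rems, policies), register)
    rems.approve_application(alice["eduPersonPrincipalName"], register.name)  # step 4
    results["approved"] = sp_decision(idp_proxy(alice, rems, policies), register)  # step 5
    # A REMS entitlement alone is not enough: the IdP-managed group check still applies.
    bob = {"eduPersonPrincipalName": "bob@institute-b.example", "isMemberOf": set()}
    rems.commit_to_licence(bob["eduPersonPrincipalName"], register.name)
    rems.approve_application(bob["eduPersonPrincipalName"], register.name)
    results["approved_but_no_group"] = sp_decision(idp_proxy(bob, rems, policies), register)
    return results


if __name__ == "__main__":
    for case, allowed in run_scenario().items():
        print(f"{case}: {'granted' if allowed else 'denied'}")
```

The point of separating `RemsState.entitlements` from `sp_decision` is that the SP never reads REMS records directly: it authorises only from what arrives in the federated assertion, which is what lets the same SP work with option (a), where REMS is queried as an attribute provider, or option (b), where the proxy merges the entitlements in.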