Title: Shibboleth and VOTES
1. Shibboleth and VOTES
- Three areas of clinical trials have been identified as particularly pertinent to the goals of the VOTES project:
  - Patient Recruitment: achieving a higher rate of successful recruitment of eligible subjects, with more efficient targeting over a wider population.
  - Data Collection: over the course of a trial, e.g. the drugs/placebos that patients are taking and measuring their effects.
  - Study Management: processes involved in recruitment to ensure, for example, that the right people see the right data in the right context.
- The central point of establishing collaborative use of trial data is by creating a Clinical Virtual Organisation of participating institutions.
- Shibbing VOTES
- Using Shibboleth, co-operating sites in a federation are expected to trust local security infrastructures in establishing the identity of users (Authentication) and their associated privileges (Authorization). To support this, the Shibboleth architecture and associated protocols identify several key components that should be supported. These include the Identity Provider (IdP), also known as the origin; Service Providers (SP), also known as targets; and the optional inclusion of a Where Are You From (WAYF) service.
- Through these components, end users will have single usernames and passwords for their own institutions which, depending on local security policies, will provide seamless access to a range of resources at collaborating institutions in the Shibboleth federation.
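The trust relationship described above, sketched from the Service Provider side as an added example (not code from the VOTES project): the SP accepts attributes only from IdPs in its federation, checks that each IdP speaks only for its own scope, and maps asserted entitlements to portal roles with default deny. The entity IDs, scopes, entitlement URNs, role names and the rule that an affiliation must be present are all assumptions made for illustration; signature validation of the assertion is assumed to have been done already by the SP software.

```python
from dataclasses import dataclass

# Constructed federation metadata: trusted IdP entityID -> scope it may assert.
FEDERATION_IDPS = {
    "https://idp.glasgow.example/shibboleth": "glasgow.example",
    "https://idp.edinburgh.example/shibboleth": "edinburgh.example",
}

# Hypothetical entitlement values mapped to hypothetical portal roles.
ROLE_MAP = {
    "urn:example:votes:investigator": "investigator",
    "urn:example:votes:nurse": "recruitment_nurse",
}

# Trial areas (the three named on this page) that each role may view.
ROLE_AREAS = {
    "investigator": {"recruitment", "data_collection", "study_management"},
    "recruitment_nurse": {"recruitment"},
}


@dataclass(frozen=True)
class Assertion:
    """Attributes from an assertion whose signature the SP already verified."""
    issuer: str
    attributes: dict


def roles_for(assertion):
    """Return the portal roles for an assertion; an empty set means deny."""
    scope = FEDERATION_IDPS.get(assertion.issuer)
    if scope is None:
        return set()  # issuer is not a member of the federation
    affiliations = assertion.attributes.get("eduPersonScopedAffiliation", [])
    # An IdP may only speak for its own scope, e.g. staff@glasgow.example.
    if not affiliations or any(a.rpartition("@")[2] != scope for a in affiliations):
        return set()
    entitlements = assertion.attributes.get("eduPersonEntitlement", [])
    return {ROLE_MAP[e] for e in entitlements if e in ROLE_MAP}


def can_access(assertion, area):
    """Default-deny check: some granted role must list the requested area."""
    return any(area in ROLE_AREAS[r] for r in roles_for(assertion))
```
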
Overview
The UK academic community is currently in the process of deploying Shibboleth technologies to support local, existing methods of authentication for remote login to resources. Shibboleth is a standards-based, open source middleware that provides Single Sign On (SSO) web access across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources, whilst maintaining privacy and integrity in all communications. The National e-Science Centre in Glasgow is one of the pioneers in developing applications that make use of Shibboleth for grid technology in UK academia. Through a variety of projects, Shibboleth-based authentication and fine-grained authorization have been realized by combining this technology with a wide range of other grid middleware. One major project that exemplifies the use of this technology is VOTES: Virtual Organisations for Trials and Epidemiological Studies.
VOTES
VOTES is a pioneering project investigating the application of grid technology to the field of clinical trials and studies. It addresses the issues surrounding life-science studies on a macro scale. In terms of e-Science, the emphasis of the project is to create a security-oriented data grid that links disparate data sources from across multiple domains, in a bid to gain greater scientific and medical insight using the clinical data available.
2. Shibboleth and VOTES
- Shibboleth has been applied to the VOTES project by associating the establishment of identity within a federation to the role-based allocation of privileges within the VOTES portal.
- Shibboleth in other projects
- NeSC in Glasgow is currently developing a wide range of grid applications through various other projects. Within these projects, security of private yet flexible assertion of authentication and authorization has been applied using Shibboleth.
- BRIDGES
- The BRIDGES project (Biomedical Research Informatics Delivered by Grid Enabled Services) focuses on delivering a grid infrastructure offering secure access to and usage of highly distributed, evolving biomedical data sets.
- The BRIDGES Portal uses the X.509 Distinguished Name (DN), which is generated from the BRIDGES portal, to make subsequent PERMIS-based authorisation decisions, with more privileged roles achieving more privileged access.
- DyVOSE/ESP-GRID
- The DyVOSE project (Dynamic Virtual Organisations for e-Science Education) concerned the investigation of grid technology in the education domain, focusing initially on static privilege management infrastructures (PMIs) and latterly on dynamic PMIs. In phase 1 of DyVOSE, advanced MSc students at the University of Glasgow were asked to develop a Globus service wrapping a Condor program, which searched and sorted a large text file (The Complete Works of Shakespeare). The security involved splitting the students into teams and restricting access based on their team membership, with a further separation of roles between students and lecturers.
- In phase 2 of DyVOSE, the focus was on dynamic VO establishment, where students were required to develop a bioinformatics application which initially accessed a remote database in Edinburgh containing nucleotide/protein sequences. The roles and their associations with Glasgow students needed to access this database were defined dynamically using enhancements to the PERMIS software.
- The ESP-GRID project added further value to these applications by introducing Shibboleth as the method by which authentication asserts identity within a federation set up by SDSS, and allocates the role, allowing the user access to the searching and sorting facility.
- These examples demonstrate the varied uses that Shibboleth can be put to and provide the flexible yet effective security demanded by dynamic grid environments.
- Demonstration URLs
- VOTES demo
- http://labpc-2.nesc.gla.ac.uk/gridsphere
- BRIDGES and DyVOSE demo
- http://pioneer.nesc.gla.ac.uk/gridsphere
- Contacts
- Prof. Richard Sinnott (r.sinnott_at_nesc.gla.ac.uk)
- Dr. John Watt (j.watt_at_nesc.gla.ac.uk)