A. Generic
1. Which Research Infrastructure (RI) are you representing?
DARIAH is just one of the RIs in the SSHOC cluster. https://www.sshopencloud.eu/news/sshoc-ssh-open-cluster This interview will focus on DARIAH, but we can have a bit of feedback about all the social sciences and humanities.
Perhaps we could invite one more from this cluster. Some of them are dealing with sensitive data - such as data about minors. Social survey ones: ESS, GGP, GUIDE (sensitive data about minors), SHARE - this would be an interesting group to do as they have restrictions.
https://science-clusters.eu/ There are 5 clusters.
2. Which field of science are you serving? (Frascati manual of Fields of Research and Development (FORD)) (can we compile a list!?)
Humanities and the arts (6. from the Frascati chart)
3. Please provide a description of the research infrastructure (e.g. which kind of infrastructure and related services are delivered and by whom, is there a formalised collaboration etc.)
DARIAH is an ERIC, formally established in 2014. EU legal entity, 20+ countries. Each member state has its own consortium. Also cooperating partners in non-member countries. (also non-EU partners)
A distributed architecture. https://www.dariah.eu/tools-services/tools-and-services/ Services are provided by the DARIAH members.
AAI as little as possible - as open as possible.
AAI mostly for admin access
Legal base is in .fr and technical coordination is in .de
SSHOC Marketplace tools and services - management also at DARIAH
4. Please provide a description of the user audience - type of users (research, citizen scientists, industry users), number of users, distribution over the globe and organisations
users - not used terminology
researchers - used terminology
Users are mostly researchers, mostly EU, but also beyond.
Citizen scientists: yes, to a certain extent they want to support them. In terms of access they need to be checked additionally for identity, by helpdesk.
Minimal number of industry users - cooperation with SME companies e.g. https://nodegoat.net/
Potential user base estimated at 500.000. As much of the access is open without authentication, it is difficult to measure.
Registered users: GWDG can know?
5. Is the RI member of European Open Science Cloud (EOSC) Association?
YES - member
EOSC Node - potential contributor
SSHOC Marketplace - funnel services for EOSC Marketplace
6. Is the RI participating in Citizen Science Programmes or other initiatives or programmes?
might happen at national level
B. AAI solution
1. Describe the currently running solution for authentication and authorisation infrastructure (AAI). (Which specific authentication methods are being used to cater for different user audiences (e.g. Institutional accounts (eduGAIN), ORCID, Social media, Others - please specify))
DARIAH AAI
2. Is your AAI solution compliant to AARC BPA (blueprint architecture)?
Yes
3. Which AARC guidelines are you implementing? (add the table... )
- YES / NO - Guidelines for expressing community user identifiers (AARC-G026)
- YES / NO - Guidelines on expressing group membership and role information (AARC-G002) (superseded by AARC-G069)
- YES / NO - Guidelines on expressing group membership and role information (AARC-G069)
- YES / NO - Specification for expressing resource capabilities (AARC-G027)
- YES / NO - Guidelines for expressing affiliation information (AARC-G025)
- YES / NO - Inferring and constructing voPersonExternalAffiliation (AARC-G057)
- YES / NO - Exchange of specific assurance information between Infrastructure (AARC-G021)
- YES / NO - Guidelines for evaluating the combined assurance of linked identities (AARC-G031)
- YES / NO - A specification for IdP hinting (AARC-G049) (superseded by AARC-G061)
- YES / NO - A specification for IdP hinting (AARC-G061)
- YES / NO - Specification for hinting an IdP which discovery service to use (AARC-G062)
- YES / NO - A specification for providing information about an end service (AARC-G063)
- YES / NO - Guidelines for Secure Operation of Attribute Authorities (AARC-G071)
4. What are your comments about BPA implementation? (challenges in implementation, challenges in clarity, technical difficulties etc.)
management level guide needed
Help of Christos - explaining the concepts
Too technical documentation - several different people - "interpretation" is needed. The documents are too difficult to comprehend, and it is hard to understand where to start and how to implement them.
https://docs.google.com/document/d/15JUk6Q3ko8Rb8AGSZay_n645pwg0VPyW/edit?usp=sharing&ouid=115020870043056556446&rtpof=true&sd=true , look at appendix A and video
C. Policy for access management
1. Does the Research Infrastructure have an access policy? (the access policy governs who can access the infrastructure, under what conditions)
DARIAH.DE page somewhere? goal: improve the DARIAH AAI part - improve compliance
develop phases? to better understand concepts gradually
conceptual → making practical
2. Is there a formalised procedure to manage access rights to services (e.g. cooperation agreement, call for application and evaluation, ad-hoc individual order/access, member of an organisation, etc.)?
no other authorisation / except DARIAH de / check with GWDG
3. What are the requirements for identification of the users (e.g. required information, LoA, authentication method)?
https://doc.de.dariah.eu/DARIAH-AAI-Documentation/ - check this
check with GWDG. very likely eduGAIN trust fabric only.
4. How do you implement the policy for access management (e.g. how is the individual who can access the research data/measurement data/your research instrument identified and authorised)?
see point C.3 reference also
check required attributes
D. Security
1. Is there a GDPR Data Controller designated for the AAI?
https://doc.de.dariah.eu/Code-of-Conduct-for-DARIAH-Services/
might need clarification about controller and processor roles
2. Has the AAI designated a security contact to handle security incidents?
yes
https://aaiproxy.de.dariah.eu/idp/shibboleth
3. Does the AAI adhere to SIRTFI or other recognised security frameworks?
NO (SIRTFI)
E. Workflow
1. Can you describe the research workflows?
per researcher / different
workflow: https://marketplace.sshopencloud.eu/search?categories=workflow
presentation: https://docs.google.com/presentation/d/11cirn_8PZrTudQ37vNpsCud7aWJcuNajImInZpgtuWY/edit?usp=sharing
slide 9
to control access
copyright - - researcher open
licenses -
analyse/compute - local - expectation from EuroHPC
- Jupyter notebook
F. Requirements
1. Can you describe further requirements, gaps and challenges?
implementation - which packages / tools available ?
tried and tested software can work
policy templates
AAI in case of security attacks - how is it related to cybersecurity
operational practices