The Australian BioCommons has partnered with the Australian Access Federation (AAF) to pilot the implementation of a federated identity and access management (IAM) framework to simplify the research process. BioCommons coordinates partner efforts across institutions to help build better-connected infrastructure for data analysis across life science research domains. The pilot was a successful collaboration with Children’s Cancer Institute Australia, University of Melbourne Centre for Cancer Research (UMCCR), and Zero Childhood Cancer Initiative.
By piloting advanced federated identity and collaborative group management using CILogon, we are trialling the GA4GH Passport/Visa standards to assure a researcher’s identity. The AAF helped BioCommons address access, authentication and security to minimise the amount of time necessary to access information, ensuring researchers have more time to get on with their life-saving research.
AAF provides proven and secure trust identity solutions along with the expertise to streamline the research process for research organisations, universities and independent research facilities across the globe.
Working with our stakeholders
The AAF conducted workshops with key stakeholders of the Australian BioCommons project to understand their challenges and explore potential solutions that address these challenges.
Professor Oliver Hofmann, Head of BioInformatics at UMCCR, said, “Patient data sharing is still challenging in a clinical setting. Even in a research setting, it usually involves delays due to manual data access requests and establishing user credentials, delaying the time to provide clinical recommendations for new cancer patient cases. We are actively moving away from that situation by creating a ‘passport’ system.”
The federated IAM framework pilot uses CILogon as a passport broker. This provides an identifier repository, which significantly reduces the number of integration points between organisations. A passport broker working with visas (issued by data access committees) reduces the burden on direct integrations between services and enables research and clinical access with a single user identity.
Professor Hofmann explains that this simplifies the process for requesting access: “I can establish who is requesting data and easily identify them in a data access control system. [I can] confidently share only the relevant information, for example, just the somatic data for a specific cancer. A national (research) identifier system in Australia will benefit both patients and researchers.”
Privacy & Security
Working with the Children’s Cancer Institute, we spoke with the Computational Biology Group Leader and Associate Professor at UNSW Medicine, Mark Cowley.
Consistent with Professor Hofmann’s statements, Mark further elaborates that, “Genomic data sharing is difficult today. Despite being the leading cause of death in Australian children, childhood cancer remains a collection of rare diseases. There are 1000 newly diagnosed young Australians (under the age of 21) with cancer every year, which is too many, but not enough to make serious data-driven insights into the biology of each disease. To tackle childhood cancer, we have developed national and international collaborative networks where we need to share data seamlessly to find more insights into why these patients develop that disease and how to treat each patient better.
“So, the high-level goal is to work out how we share data more easily while respecting the patient’s privacy, and use this information to understand childhood cancer and to treat each patient with the right treatment, at the right time.”
A data access control framework ensures privacy and security for highly sensitive data. This enables easier data sharing, both inside and between cloud and non-cloud services and data stores.
Implementing CILogon will change the way research is accessed, stored and secured, vastly improving the work researchers and institutes can achieve.
The creation of a more robust IAM framework is necessary to accommodate the needs of the project. Associate Director of Cyberinfrastructure at Australian BioCommons, Dr. Steven Manos explains, “Global data-intensive research is served by models that allow you to move your data around between different domains of ownership, legal, and infrastructure. You also need to carry around and interoperate identities. We need to invest in the ability to move around, and a single data centre does not help us do that.”
“Imagine if we elevated identity to that of first-class citizens of the research ecosystem like Cloud and HPC have been doing for 25 years? What would be possible with 50 experts in identity? The answer is a lot, but we just haven’t done it yet.”
The methodology and approach that best describes our pilot is an open ecosystem of interchangeable components talking to standardised APIs. These APIs are secured with robust identities, combined with the automation of access decisions that require minimal human intervention.