[Go-essp-tech] Access control for data with different QC Level

Estanislao Gonzalez estanislao.gonzalez at zmaw.de
Mon Jul 19 09:59:26 MDT 2010 

Hi Luca,

to sum things up (and correct me Martina/Bryan if I'm wrong):

1) Published data have QC L1-Data "per se",  and will be available to a 
very selected group only (which doesn't seem to be the group you 
mention, but I might be wrong).
2) When acquiring QC L2 the data should be accessible to a broader 
although still confined group. This check will be performed by DKRZ and 
BADC and the information stored somewhere (not sure where though). Where 
BADC nor DKRZ have access to all data-nodes, so the information will be 
definitely be stored on some "neutral grounds" (CIM DB?).
3) QC L3 == DOI acquired == publication. At this stage data will be  
available to any registered user.

If I'm correct, then the security service must check "somehow" the QC 
level of the file in order to proceed with the authorization as it is 
currently implemented (thus comparing roles).

Any comments anyone?

Thanks,
Estani

Cinquini, Luca (3880) wrote:
> Hi Bryan, Martina,
> I agree that these issues need to be discussed better, but here are some considerations, which may in some cases only reflect my understanding:
>
> 1) we talked about the QC flag for Levels 2 and 3 to be set in the metaphor questionnaire, and be propagated through the atom feed to the gateways
>
> 2) I thought that in order not to delay data distribution, as soon as the data has QC level 1 (I.e. It has been processed by the publisher), it will available to registered users of the CMIP5 research and commercial groups
>
> 3) At this time there is nothing in the ESG access control model that toes the access attributes to the QC flags.
>
> Thanks, luca
>
>
>
>
> On Jul 19, 2010, at 7:39 AM, Bryan Lawrence <bryan.lawrence at stfc.ac.uk> wrote:
>
>   
>> Hi Martina
>>
>> We definitely need to formalise some of this, so thanks for bringing it 
>> up.
>>
>> What I had thought we were proposing was that L2 and L3 data have 
>> effectively the same restrictions ...
>>
>> ... but your fundamental point (I think) is how do we assign the QC, and 
>> how does the security software get that information? Ie what is the 
>> workflow that needs to exist. We do need to bottom that out.
>>
>> Thanks
>> Bryan
>>
>> On Monday 19 July 2010 13:43:59 Martina Stockhause wrote:
>>     
>>> Hi all,
>>>
>>> I had a little discussion with Estani about how the different and
>>> changing access constraints on the data depending on their QC levels
>>> are realized. It came out that we don't really know.
>>>
>>> We have on the one hand the user with a special role e.g.
>>> "scientific, non-commercial user", who has access to data on QC L3
>>> like every registered user and QC L2 because of his role. On the
>>> other hand, the data has a quality attribute (QC Level or QC Flag),
>>> which defines the access restriction of the data. For data access a
>>> mechanism has to check user role and data attribute, before access
>>> is granted or denied.
>>>
>>> How does the data get this quality attribute?
>>> How is the user role checked against this quality attribute?
>>>
>>> For QC L3 we don't need that mechanism, because every registered user
>>> has access to all CMIP5 data, but for QC L1 and L2 exist such access
>>> restrictions.
>>>
>>> Thanks a lot,
>>> Martina
>>>
>>>
>>> _______________________________________________
>>> GO-ESSP-TECH mailing list
>>> GO-ESSP-TECH at ucar.edu
>>> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>>>       
>> -- 
>> Bryan Lawrence
>> Director of Environmental Archival and Associated Research
>> (NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
>> STFC, Rutherford Appleton Laboratory
>> Phone +44 1235 445012; Fax ... 5848; 
>> Web: home.badc.rl.ac.uk/lawrence
>> _______________________________________________
>> GO-ESSP-TECH mailing list
>> GO-ESSP-TECH at ucar.edu
>> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>>     
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>   


-- 
Estanislao Gonzalez

Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany

Phone:   +49 (40) 46 00 94-126
E-Mail:  estanislao.gonzalez at zmaw.de

More information about the GO-ESSP-TECH mailing list