[Go-essp-tech] Current status on CMIP5 security roles

Karl Taylor taylor13 at llnl.gov
Fri Jun 18 10:56:43 MDT 2010 

Hi all,

Coming in late to this discussion, I wonder what the purpose of the 
discussion is.  Is it simply to define the "controlled vocabulary" 
needed to distinguish between data made available under different terms 
of use?  If so, then I suggest:

CMIP5_for_unrestricted_use
CMIP5_for_non-commercial_research_and_educational_use_only

(or some abbreviated form of the above).  The acronyms AR5 and IPCC 
should only be used in connection with the assessment activity of IPCC, 
not any research (or infrastructure support of research) carried out 
that might end up being assessed by the IPCC.  The IPCC would probably 
not want it to appear that it sponsors or drives the research that it 
will assess, and the WCRP's WGCM "owns" CMIP5 and should get credit for 
this by having it referred to by its "brand" name (i.e., CMIP).

The WGCM insists on a registration procedure so that they will clearly 
know the terms of use, and this has the added benefit that we can track 
usage better and also can contact users if necessary.  Those seeking 
data will have to register and sign one of the two options for "terms of 
use" described above.

I can't remember whether we will ask those registering to say what they 
plan to do with the data.  Although we did this in the early stages (at 
least) of CMIP3, I'm not sure with 1000's of users this serves much of a 
purpose.  Anyone think otherwise?

Best regards,
Karl



On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> Hi all,
>
> I'm forwarding this discussion we've been having at the BADC about the CMIP5 access roles. We currently have the roles,
>
> AR5_Research
> AR5_Commercial
>
> Ag would like to know more explicitly what these roles mean - see his e-mail below...
>
> On a second point, Martin would like these roles names changed to,
>
> cmip5_rearch
> cmip5_commercial
>
> To better reflect their purpose and the distinction from the AR5 activity (his e-mail also see below...)
>
> Could someone comment - esp. from PCMDI?
>
> Thanks,
> Phil
>
>
>
>    
>> -----Original Message-----
>> From: Stephens, Ag (STFC,RAL,SSTD)
>> Sent: 18 June 2010 12:44
>> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip (STFC,RAL,SSTD)
>> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
>> Subject: RE: Current status on CMIP5 security roles
>>
>> Hi Phil et al,
>>
>> Presumably the "commercial" and "research" roles limit access in some
>> way.
>>
>> However, I would expect most common role to be "public" which implies:
>>
>>   * you still login with your OpenId
>>
>>   * but the data is available to all
>>
>>   * but because you logged in there is a log of what you have used
>>
>> Is that in the plan?
>>
>> Also, do you know if registration requires a description of the
>> proposed usage of the data?
>>
>> Thanks,
>>
>> Ag
>>
>>
>> -----Original Message-----
>> From: Juckes, Martin (STFC,RAL,SSTD)
>> Sent: Fri 6/18/2010 12:17
>> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
>> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
>> Subject: RE: Current status on CMIP5 security roles
>>
>> Hello Phil,
>>
>> A pedantic point: access to cmip5 should be controlled by a
>> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep the
>> distinction between CMIP5 (an evolving research archive) and AR5 (a
>> reference archive consisting of a snapshot of CMIP5 archive contents)
>> clear.
>>
>> A further question: if data is made available at BADC through our
>> browser, on /badc/cmip5 or some equivalent, will this be covered by the
>> same access control mechanism?
>>
>> cheers,
>> Martin
>>
>>
>> -----Original Message-----
>> From: Kershaw, Philip (STFC,RAL,SSTD)
>> Sent: Fri 18/06/2010 11:42
>> To: Stephens, Ag (STFC,RAL,SSTD)
>> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD);
>> Pascoe, Stephen (STFC,RAL,SSTD)
>> Subject: RE: Current status on CMIP5 security roles
>>
>> Hi Ag,
>>
>> My understanding is that there are two roles under the authority of
>> PCMDI which have federation wide scope:
>>
>> AR5_Research
>> AR5_Commercial
>>
>> When I say, 'under the authority of', I mean users must register at
>> PCMDI for these access roles.
>>
>> In addition, each institution can still secure datasets with their own
>> roles specific to their institution.  For example, there may be cases
>> where a policy marks a dataset as accessible via 'AR5_Research' or
>> <some-institution-access-role>.
>>
>> Cheers,
>> Phil
>>
>> Ref: http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-control-
>> documents/ - 2.1.2. VO Attribute Value Agreements
>>
>>
>>      
>>> -----Original Message-----
>>> From: Stephens, Ag (STFC,RAL,SSTD)
>>> Sent: 18 June 2010 11:31
>>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin (STFC,RAL,SSTD);
>>> Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
>>> Subject: Current status on CMIP5 security roles
>>>
>>> Hi Phil,
>>>
>>> I just wanted to enquire about the various security roles planned for
>>> the CMIP5 archive.
>>>
>>> My simplistic view is that there will be:
>>>
>>>   * public - available to all
>>>   * research_only
>>>
>>> However, I've heard it might be more complex that than. Do you have
>>>        
>> the
>>      
>>> latest lowdown?
>>>
>>> Cheers,
>>>
>>> Ag
>>>        
>>      
>

More information about the GO-ESSP-TECH mailing list