[Go-essp-tech] Current status on CMIP5 security roles

Mon Jun 21 01:50:48 MDT 2010

Hello Karl,

I think these names for use in the security software which will
generally not be seen by users, so it might be better to keep them short
an cryptic (though still correct, in the sense of replacing ar5 with
cmip5). Can Phil or anyone else comment on whether these names are
likely to be displayed to users when, for example, they apply for
authorisation?

Cheers,
Martin

> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
> bounces at ucar.edu] On Behalf Of Karl Taylor
> Sent: 18 June 2010 17:57
> To: go-essp-tech at ucar.edu
> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> 
> Hi all,
> 
> Coming in late to this discussion, I wonder what the purpose of the
> discussion is.  Is it simply to define the "controlled vocabulary"
> needed to distinguish between data made available under different
terms
> of use?  If so, then I suggest:
> 
> CMIP5_for_unrestricted_use
> CMIP5_for_non-commercial_research_and_educational_use_only
> 
> (or some abbreviated form of the above).  The acronyms AR5 and IPCC
> should only be used in connection with the assessment activity of
IPCC,
> not any research (or infrastructure support of research) carried out
> that might end up being assessed by the IPCC.  The IPCC would probably
> not want it to appear that it sponsors or drives the research that it
> will assess, and the WCRP's WGCM "owns" CMIP5 and should get credit
for
> this by having it referred to by its "brand" name (i.e., CMIP).
> 
> The WGCM insists on a registration procedure so that they will clearly
> know the terms of use, and this has the added benefit that we can
track
> usage better and also can contact users if necessary.  Those seeking
> data will have to register and sign one of the two options for "terms
> of
> use" described above.
> 
> I can't remember whether we will ask those registering to say what
they
> plan to do with the data.  Although we did this in the early stages
(at
> least) of CMIP3, I'm not sure with 1000's of users this serves much of
> a
> purpose.  Anyone think otherwise?
> 
> Best regards,
> Karl
> 
> 
> 
> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> > Hi all,
> >
> > I'm forwarding this discussion we've been having at the BADC about
> the CMIP5 access roles. We currently have the roles,
> >
> > AR5_Research
> > AR5_Commercial
> >
> > Ag would like to know more explicitly what these roles mean - see
his
> e-mail below...
> >
> > On a second point, Martin would like these roles names changed to,
> >
> > cmip5_rearch
> > cmip5_commercial
> >
> > To better reflect their purpose and the distinction from the AR5
> activity (his e-mail also see below...)
> >
> > Could someone comment - esp. from PCMDI?
> >
> > Thanks,
> > Phil
> >
> >
> >
> >
> >> -----Original Message-----
> >> From: Stephens, Ag (STFC,RAL,SSTD)
> >> Sent: 18 June 2010 12:44
> >> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
(STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Phil et al,
> >>
> >> Presumably the "commercial" and "research" roles limit access in
> some
> >> way.
> >>
> >> However, I would expect most common role to be "public" which
> implies:
> >>
> >>   * you still login with your OpenId
> >>
> >>   * but the data is available to all
> >>
> >>   * but because you logged in there is a log of what you have used
> >>
> >> Is that in the plan?
> >>
> >> Also, do you know if registration requires a description of the
> >> proposed usage of the data?
> >>
> >> Thanks,
> >>
> >> Ag
> >>
> >>
> >> -----Original Message-----
> >> From: Juckes, Martin (STFC,RAL,SSTD)
> >> Sent: Fri 6/18/2010 12:17
> >> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
(STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hello Phil,
> >>
> >> A pedantic point: access to cmip5 should be controlled by a
> >> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep the
> >> distinction between CMIP5 (an evolving research archive) and AR5 (a
> >> reference archive consisting of a snapshot of CMIP5 archive
> contents)
> >> clear.
> >>
> >> A further question: if data is made available at BADC through our
> >> browser, on /badc/cmip5 or some equivalent, will this be covered by
> the
> >> same access control mechanism?
> >>
> >> cheers,
> >> Martin
> >>
> >>
> >> -----Original Message-----
> >> From: Kershaw, Philip (STFC,RAL,SSTD)
> >> Sent: Fri 18/06/2010 11:42
> >> To: Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
(STFC,RAL,SSTD);
> >> Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Ag,
> >>
> >> My understanding is that there are two roles under the authority of
> >> PCMDI which have federation wide scope:
> >>
> >> AR5_Research
> >> AR5_Commercial
> >>
> >> When I say, 'under the authority of', I mean users must register at
> >> PCMDI for these access roles.
> >>
> >> In addition, each institution can still secure datasets with their
> own
> >> roles specific to their institution.  For example, there may be
> cases
> >> where a policy marks a dataset as accessible via 'AR5_Research' or
> >> <some-institution-access-role>.
> >>
> >> Cheers,
> >> Phil
> >>
> >> Ref: http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-
> control-
> >> documents/ - 2.1.2. VO Attribute Value Agreements
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Stephens, Ag (STFC,RAL,SSTD)
> >>> Sent: 18 June 2010 11:31
> >>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
> (STFC,RAL,SSTD);
> >>> Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >>> Subject: Current status on CMIP5 security roles
> >>>
> >>> Hi Phil,
> >>>
> >>> I just wanted to enquire about the various security roles planned
> for
> >>> the CMIP5 archive.
> >>>
> >>> My simplistic view is that there will be:
> >>>
> >>>   * public - available to all
> >>>   * research_only
> >>>
> >>> However, I've heard it might be more complex that than. Do you
have
> >>>
> >> the
> >>
> >>> latest lowdown?
> >>>
> >>> Cheers,
> >>>
> >>> Ag
> >>>
> >>
> >
> 
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
-- 
Scanned by iCritical.