[Go-essp-tech] Current status on CMIP5 security roles

Bryan Lawrence bryan.lawrence at stfc.ac.uk
Mon Jun 21 07:28:12 MDT 2010 

hi Karl

Where are we on defining the scope of availability of qc level one data. 
When we've talked, we've been suggesting it should be "mates only". I 
think the two access controls we're listing below are for qc level 2 
data.

We need to make a decision about this. I'm recommending that we have an 
additional level of access control: CMIP5_testing, which is given only 
to those explicitly authorised by the originating modelling centre, and 
applies to qc level one data.

I'm happy for this to be vetoed, but I get the impression that a number 
of centres like this idea.

However, if we're going to do that, we need to make a decision asap.

Cheers
Bryan

On Friday 18 Jun 2010 17:56:43 Karl Taylor wrote:
> Hi all,
> 
> Coming in late to this discussion, I wonder what the purpose of the
> discussion is.  Is it simply to define the "controlled vocabulary"
> needed to distinguish between data made available under different
>  terms of use?  If so, then I suggest:
> 
> CMIP5_for_unrestricted_use
> CMIP5_for_non-commercial_research_and_educational_use_only
> 
> (or some abbreviated form of the above).  The acronyms AR5 and IPCC
> should only be used in connection with the assessment activity of
>  IPCC, not any research (or infrastructure support of research)
>  carried out that might end up being assessed by the IPCC.  The IPCC
>  would probably not want it to appear that it sponsors or drives the
>  research that it will assess, and the WCRP's WGCM "owns" CMIP5 and
>  should get credit for this by having it referred to by its "brand"
>  name (i.e., CMIP).
> 
> The WGCM insists on a registration procedure so that they will
>  clearly know the terms of use, and this has the added benefit that
>  we can track usage better and also can contact users if necessary. 
>  Those seeking data will have to register and sign one of the two
>  options for "terms of use" described above.
> 
> I can't remember whether we will ask those registering to say what
>  they plan to do with the data.  Although we did this in the early
>  stages (at least) of CMIP3, I'm not sure with 1000's of users this
>  serves much of a purpose.  Anyone think otherwise?
> 
> Best regards,
> Karl
> 
> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> > Hi all,
> >
> > I'm forwarding this discussion we've been having at the BADC about
> > the CMIP5 access roles. We currently have the roles,
> >
> > AR5_Research
> > AR5_Commercial
> >
> > Ag would like to know more explicitly what these roles mean - see
> > his e-mail below...
> >
> > On a second point, Martin would like these roles names changed to,
> >
> > cmip5_rearch
> > cmip5_commercial
> >
> > To better reflect their purpose and the distinction from the AR5
> > activity (his e-mail also see below...)
> >
> > Could someone comment - esp. from PCMDI?
> >
> > Thanks,
> > Phil
> >
> >> -----Original Message-----
> >> From: Stephens, Ag (STFC,RAL,SSTD)
> >> Sent: 18 June 2010 12:44
> >> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip
> >> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
> >> Stephen (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5
> >> security roles
> >>
> >> Hi Phil et al,
> >>
> >> Presumably the "commercial" and "research" roles limit access in
> >> some way.
> >>
> >> However, I would expect most common role to be "public" which
> >> implies:
> >>
> >>   * you still login with your OpenId
> >>
> >>   * but the data is available to all
> >>
> >>   * but because you logged in there is a log of what you have used
> >>
> >> Is that in the plan?
> >>
> >> Also, do you know if registration requires a description of the
> >> proposed usage of the data?
> >>
> >> Thanks,
> >>
> >> Ag
> >>
> >>
> >> -----Original Message-----
> >> From: Juckes, Martin (STFC,RAL,SSTD)
> >> Sent: Fri 6/18/2010 12:17
> >> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
> >> (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5 security
> >> roles
> >>
> >> Hello Phil,
> >>
> >> A pedantic point: access to cmip5 should be controlled by a
> >> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep
> >> the distinction between CMIP5 (an evolving research archive) and
> >> AR5 (a reference archive consisting of a snapshot of CMIP5 archive
> >> contents) clear.
> >>
> >> A further question: if data is made available at BADC through our
> >> browser, on /badc/cmip5 or some equivalent, will this be covered
> >> by the same access control mechanism?
> >>
> >> cheers,
> >> Martin
> >>
> >>
> >> -----Original Message-----
> >> From: Kershaw, Philip (STFC,RAL,SSTD)
> >> Sent: Fri 18/06/2010 11:42
> >> To: Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
> >> (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Ag,
> >>
> >> My understanding is that there are two roles under the authority
> >> of PCMDI which have federation wide scope:
> >>
> >> AR5_Research
> >> AR5_Commercial
> >>
> >> When I say, 'under the authority of', I mean users must register
> >> at PCMDI for these access roles.
> >>
> >> In addition, each institution can still secure datasets with their
> >> own roles specific to their institution.  For example, there may
> >> be cases where a policy marks a dataset as accessible via
> >> 'AR5_Research' or <some-institution-access-role>.
> >>
> >> Cheers,
> >> Phil
> >>
> >> Ref:
> >> http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-control-
> >> documents/ - 2.1.2. VO Attribute Value Agreements
> >>
> >>> -----Original Message-----
> >>> From: Stephens, Ag (STFC,RAL,SSTD)
> >>> Sent: 18 June 2010 11:31
> >>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
> >>> (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
> >>> (STFC,RAL,SSTD) Subject: Current status on CMIP5 security roles
> >>>
> >>> Hi Phil,
> >>>
> >>> I just wanted to enquire about the various security roles planned
> >>> for the CMIP5 archive.
> >>>
> >>> My simplistic view is that there will be:
> >>>
> >>>   * public - available to all
> >>>   * research_only
> >>>
> >>> However, I've heard it might be more complex that than. Do you
> >>> have
> >>
> >> the
> >>
> >>> latest lowdown?
> >>>
> >>> Cheers,
> >>>
> >>> Ag
> 
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> 

-- 
Bryan Lawrence
Director of Environmental Archival and Associated Research
(NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
STFC, Rutherford Appleton Laboratory
Phone +44 1235 445012; Fax ... 5848; 
Web: home.badc.rl.ac.uk/lawrence

More information about the GO-ESSP-TECH mailing list