[Go-essp-tech] Current status on CMIP5 security roles

Michael Lautenschlager lautenschlager at dkrz.de
Mon Jun 21 08:45:40 MDT 2010 

Hello Bryan, Martin and Karl,

the discussion about access roles and rights fits quite well into open 
issues of our QC paper. We started the discussion a few weeks ago but 
did not come to an end. I would appreciate if we can discuss access 
roles and access rights tomorrow and if we separate CMIP5 and IPCC-AR5 
as Martin suggested. All these different aspects are connected with the 
envisaged quality control levels: spot checking and QC L1 up to L3.

My impression is that this discussion could be a good preparation for 
the security implementation telco the week afterwards.

Thanks and best wishes, Michael

martin.juckes at stfc.ac.uk schrieb:
> Hello Bryan, 
> 
> Is that a single role ("CMIP5_testing") giving access to all people
> authorised by the collection of modelling centres or multiple roles
> ("CMIP5_testing_mohc", "CMIP5_testing_ncar", etc)? 
> 
> Cheers,
> Martin
> 
>> -----Original Message-----
>> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
>> bounces at ucar.edu] On Behalf Of Bryan Lawrence
>> Sent: 21 June 2010 14:28
>> To: go-essp-tech at ucar.edu; Karl Taylor
>> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
>>
>> hi Karl
>>
>> Where are we on defining the scope of availability of qc level one
>> data.
>> When we've talked, we've been suggesting it should be "mates only". I
>> think the two access controls we're listing below are for qc level 2
>> data.
>>
>> We need to make a decision about this. I'm recommending that we have
> an
>> additional level of access control: CMIP5_testing, which is given only
>> to those explicitly authorised by the originating modelling centre,
> and
>> applies to qc level one data.
>>
>> I'm happy for this to be vetoed, but I get the impression that a
> number
>> of centres like this idea.
>>
>> However, if we're going to do that, we need to make a decision asap.
>>
>> Cheers
>> Bryan
>>
>> On Friday 18 Jun 2010 17:56:43 Karl Taylor wrote:
>>> Hi all,
>>>
>>> Coming in late to this discussion, I wonder what the purpose of the
>>> discussion is.  Is it simply to define the "controlled vocabulary"
>>> needed to distinguish between data made available under different
>>>  terms of use?  If so, then I suggest:
>>>
>>> CMIP5_for_unrestricted_use
>>> CMIP5_for_non-commercial_research_and_educational_use_only
>>>
>>> (or some abbreviated form of the above).  The acronyms AR5 and IPCC
>>> should only be used in connection with the assessment activity of
>>>  IPCC, not any research (or infrastructure support of research)
>>>  carried out that might end up being assessed by the IPCC.  The IPCC
>>>  would probably not want it to appear that it sponsors or drives the
>>>  research that it will assess, and the WCRP's WGCM "owns" CMIP5 and
>>>  should get credit for this by having it referred to by its "brand"
>>>  name (i.e., CMIP).
>>>
>>> The WGCM insists on a registration procedure so that they will
>>>  clearly know the terms of use, and this has the added benefit that
>>>  we can track usage better and also can contact users if necessary.
>>>  Those seeking data will have to register and sign one of the two
>>>  options for "terms of use" described above.
>>>
>>> I can't remember whether we will ask those registering to say what
>>>  they plan to do with the data.  Although we did this in the early
>>>  stages (at least) of CMIP3, I'm not sure with 1000's of users this
>>>  serves much of a purpose.  Anyone think otherwise?
>>>
>>> Best regards,
>>> Karl
>>>
>>> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
>>>> Hi all,
>>>>
>>>> I'm forwarding this discussion we've been having at the BADC about
>>>> the CMIP5 access roles. We currently have the roles,
>>>>
>>>> AR5_Research
>>>> AR5_Commercial
>>>>
>>>> Ag would like to know more explicitly what these roles mean - see
>>>> his e-mail below...
>>>>
>>>> On a second point, Martin would like these roles names changed to,
>>>>
>>>> cmip5_rearch
>>>> cmip5_commercial
>>>>
>>>> To better reflect their purpose and the distinction from the AR5
>>>> activity (his e-mail also see below...)
>>>>
>>>> Could someone comment - esp. from PCMDI?
>>>>
>>>> Thanks,
>>>> Phil
>>>>
>>>>> -----Original Message-----
>>>>> From: Stephens, Ag (STFC,RAL,SSTD)
>>>>> Sent: 18 June 2010 12:44
>>>>> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip
>>>>> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
>>>>> Stephen (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5
>>>>> security roles
>>>>>
>>>>> Hi Phil et al,
>>>>>
>>>>> Presumably the "commercial" and "research" roles limit access in
>>>>> some way.
>>>>>
>>>>> However, I would expect most common role to be "public" which
>>>>> implies:
>>>>>
>>>>>   * you still login with your OpenId
>>>>>
>>>>>   * but the data is available to all
>>>>>
>>>>>   * but because you logged in there is a log of what you have
> used
>>>>> Is that in the plan?
>>>>>
>>>>> Also, do you know if registration requires a description of the
>>>>> proposed usage of the data?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Ag
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Juckes, Martin (STFC,RAL,SSTD)
>>>>> Sent: Fri 6/18/2010 12:17
>>>>> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
>>>>> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
>>>>> (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5 security
>>>>> roles
>>>>>
>>>>> Hello Phil,
>>>>>
>>>>> A pedantic point: access to cmip5 should be controlled by a
>>>>> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep
>>>>> the distinction between CMIP5 (an evolving research archive) and
>>>>> AR5 (a reference archive consisting of a snapshot of CMIP5
> archive
>>>>> contents) clear.
>>>>>
>>>>> A further question: if data is made available at BADC through our
>>>>> browser, on /badc/cmip5 or some equivalent, will this be covered
>>>>> by the same access control mechanism?
>>>>>
>>>>> cheers,
>>>>> Martin
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Kershaw, Philip (STFC,RAL,SSTD)
>>>>> Sent: Fri 18/06/2010 11:42
>>>>> To: Stephens, Ag (STFC,RAL,SSTD)
>>>>> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
>>>>> (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
>>>>> Subject: RE: Current status on CMIP5 security roles
>>>>>
>>>>> Hi Ag,
>>>>>
>>>>> My understanding is that there are two roles under the authority
>>>>> of PCMDI which have federation wide scope:
>>>>>
>>>>> AR5_Research
>>>>> AR5_Commercial
>>>>>
>>>>> When I say, 'under the authority of', I mean users must register
>>>>> at PCMDI for these access roles.
>>>>>
>>>>> In addition, each institution can still secure datasets with
> their
>>>>> own roles specific to their institution.  For example, there may
>>>>> be cases where a policy marks a dataset as accessible via
>>>>> 'AR5_Research' or <some-institution-access-role>.
>>>>>
>>>>> Cheers,
>>>>> Phil
>>>>>
>>>>> Ref:
>>>>> http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-control-
>>>>> documents/ - 2.1.2. VO Attribute Value Agreements
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Stephens, Ag (STFC,RAL,SSTD)
>>>>>> Sent: 18 June 2010 11:31
>>>>>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
>>>>>> (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
> Stephen
>>>>>> (STFC,RAL,SSTD) Subject: Current status on CMIP5 security roles
>>>>>>
>>>>>> Hi Phil,
>>>>>>
>>>>>> I just wanted to enquire about the various security roles
> planned
>>>>>> for the CMIP5 archive.
>>>>>>
>>>>>> My simplistic view is that there will be:
>>>>>>
>>>>>>   * public - available to all
>>>>>>   * research_only
>>>>>>
>>>>>> However, I've heard it might be more complex that than. Do you
>>>>>> have
>>>>> the
>>>>>
>>>>>> latest lowdown?
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Ag
>>> _______________________________________________
>>> GO-ESSP-TECH mailing list
>>> GO-ESSP-TECH at ucar.edu
>>> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>>>
>> --
>> Bryan Lawrence
>> Director of Environmental Archival and Associated Research
>> (NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
>> STFC, Rutherford Appleton Laboratory
>> Phone +44 1235 445012; Fax ... 5848;
>> Web: home.badc.rl.ac.uk/lawrence
>> _______________________________________________
>> GO-ESSP-TECH mailing list
>> GO-ESSP-TECH at ucar.edu
>> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech

More information about the GO-ESSP-TECH mailing list