[Go-essp-tech] Current status on CMIP5 security roles

Bryan Lawrence bryan.lawrence at stfc.ac.uk
Mon Jun 21 09:50:53 MDT 2010 

On Monday 21 Jun 2010 14:53:55 Juckes, Martin (STFC,RAL,SSTD) wrote:
> Hello Bryan,
> 
> Is that a single role ("CMIP5_testing") giving access to all people
> authorised by the collection of modelling centres or multiple roles
> ("CMIP5_testing_mohc", "CMIP5_testing_ncar", etc)?

I' m agnostic. Either. The first is simpler, and probably would be 
acceptable - but might look like "restricting to WG1" again.
Cheers
Bryan


> Cheers,
> Martin
> 
> > -----Original Message-----
> > From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
> > bounces at ucar.edu] On Behalf Of Bryan Lawrence
> > Sent: 21 June 2010 14:28
> > To: go-essp-tech at ucar.edu; Karl Taylor
> > Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> >
> > hi Karl
> >
> > Where are we on defining the scope of availability of qc level one
> > data.
> > When we've talked, we've been suggesting it should be "mates only".
> > I think the two access controls we're listing below are for qc
> > level 2 data.
> >
> > We need to make a decision about this. I'm recommending that we
> > have
> 
> an
> 
> > additional level of access control: CMIP5_testing, which is given
> > only to those explicitly authorised by the originating modelling
> > centre,
> 
> and
> 
> > applies to qc level one data.
> >
> > I'm happy for this to be vetoed, but I get the impression that a
> 
> number
> 
> > of centres like this idea.
> >
> > However, if we're going to do that, we need to make a decision
> > asap.
> >
> > Cheers
> > Bryan
> >
> > On Friday 18 Jun 2010 17:56:43 Karl Taylor wrote:
> > > Hi all,
> > >
> > > Coming in late to this discussion, I wonder what the purpose of
> > > the discussion is.  Is it simply to define the "controlled
> > > vocabulary" needed to distinguish between data made available
> > > under different terms of use?  If so, then I suggest:
> > >
> > > CMIP5_for_unrestricted_use
> > > CMIP5_for_non-commercial_research_and_educational_use_only
> > >
> > > (or some abbreviated form of the above).  The acronyms AR5 and
> > > IPCC should only be used in connection with the assessment
> > > activity of IPCC, not any research (or infrastructure support of
> > > research) carried out that might end up being assessed by the
> > > IPCC.  The IPCC would probably not want it to appear that it
> > > sponsors or drives the research that it will assess, and the
> > > WCRP's WGCM "owns" CMIP5 and should get credit for this by having
> > > it referred to by its "brand" name (i.e., CMIP).
> > >
> > > The WGCM insists on a registration procedure so that they will
> > >  clearly know the terms of use, and this has the added benefit
> > > that we can track usage better and also can contact users if
> > > necessary. Those seeking data will have to register and sign one
> > > of the two options for "terms of use" described above.
> > >
> > > I can't remember whether we will ask those registering to say
> > > what they plan to do with the data.  Although we did this in the
> > > early stages (at least) of CMIP3, I'm not sure with 1000's of
> > > users this serves much of a purpose.  Anyone think otherwise?
> > >
> > > Best regards,
> > > Karl
> > >
> > > On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> > > > Hi all,
> > > >
> > > > I'm forwarding this discussion we've been having at the BADC
> > > > about the CMIP5 access roles. We currently have the roles,
> > > >
> > > > AR5_Research
> > > > AR5_Commercial
> > > >
> > > > Ag would like to know more explicitly what these roles mean -
> > > > see his e-mail below...
> > > >
> > > > On a second point, Martin would like these roles names changed
> > > > to,
> > > >
> > > > cmip5_rearch
> > > > cmip5_commercial
> > > >
> > > > To better reflect their purpose and the distinction from the
> > > > AR5 activity (his e-mail also see below...)
> > > >
> > > > Could someone comment - esp. from PCMDI?
> > > >
> > > > Thanks,
> > > > Phil
> > > >
> > > >> -----Original Message-----
> > > >> From: Stephens, Ag (STFC,RAL,SSTD)
> > > >> Sent: 18 June 2010 12:44
> > > >> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip
> > > >> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
> > > >> Stephen (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5
> > > >> security roles
> > > >>
> > > >> Hi Phil et al,
> > > >>
> > > >> Presumably the "commercial" and "research" roles limit access
> > > >> in some way.
> > > >>
> > > >> However, I would expect most common role to be "public" which
> > > >> implies:
> > > >>
> > > >>   * you still login with your OpenId
> > > >>
> > > >>   * but the data is available to all
> > > >>
> > > >>   * but because you logged in there is a log of what you have
> 
> used
> 
> > > >> Is that in the plan?
> > > >>
> > > >> Also, do you know if registration requires a description of
> > > >> the proposed usage of the data?
> > > >>
> > > >> Thanks,
> > > >>
> > > >> Ag
> > > >>
> > > >>
> > > >> -----Original Message-----
> > > >> From: Juckes, Martin (STFC,RAL,SSTD)
> > > >> Sent: Fri 6/18/2010 12:17
> > > >> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag
> > > >> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
> > > >> Stephen
> > > >> (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5 security
> > > >> roles
> > > >>
> > > >> Hello Phil,
> > > >>
> > > >> A pedantic point: access to cmip5 should be controlled by a
> > > >> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to
> > > >> keep the distinction between CMIP5 (an evolving research
> > > >> archive) and AR5 (a reference archive consisting of a snapshot
> > > >> of CMIP5
> 
> archive
> 
> > > >> contents) clear.
> > > >>
> > > >> A further question: if data is made available at BADC through
> > > >> our browser, on /badc/cmip5 or some equivalent, will this be
> > > >> covered by the same access control mechanism?
> > > >>
> > > >> cheers,
> > > >> Martin
> > > >>
> > > >>
> > > >> -----Original Message-----
> > > >> From: Kershaw, Philip (STFC,RAL,SSTD)
> > > >> Sent: Fri 18/06/2010 11:42
> > > >> To: Stephens, Ag (STFC,RAL,SSTD)
> > > >> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
> > > >> (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> > > >> Subject: RE: Current status on CMIP5 security roles
> > > >>
> > > >> Hi Ag,
> > > >>
> > > >> My understanding is that there are two roles under the
> > > >> authority of PCMDI which have federation wide scope:
> > > >>
> > > >> AR5_Research
> > > >> AR5_Commercial
> > > >>
> > > >> When I say, 'under the authority of', I mean users must
> > > >> register at PCMDI for these access roles.
> > > >>
> > > >> In addition, each institution can still secure datasets with
> 
> their
> 
> > > >> own roles specific to their institution.  For example, there
> > > >> may be cases where a policy marks a dataset as accessible via
> > > >> 'AR5_Research' or <some-institution-access-role>.
> > > >>
> > > >> Cheers,
> > > >> Phil
> > > >>
> > > >> Ref:
> > > >> http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-contro
> > > >>l- documents/ - 2.1.2. VO Attribute Value Agreements
> > > >>
> > > >>> -----Original Message-----
> > > >>> From: Stephens, Ag (STFC,RAL,SSTD)
> > > >>> Sent: 18 June 2010 11:31
> > > >>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
> > > >>> (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
> 
> Stephen
> 
> > > >>> (STFC,RAL,SSTD) Subject: Current status on CMIP5 security
> > > >>> roles
> > > >>>
> > > >>> Hi Phil,
> > > >>>
> > > >>> I just wanted to enquire about the various security roles
> 
> planned
> 
> > > >>> for the CMIP5 archive.
> > > >>>
> > > >>> My simplistic view is that there will be:
> > > >>>
> > > >>>   * public - available to all
> > > >>>   * research_only
> > > >>>
> > > >>> However, I've heard it might be more complex that than. Do
> > > >>> you have
> > > >>
> > > >> the
> > > >>
> > > >>> latest lowdown?
> > > >>>
> > > >>> Cheers,
> > > >>>
> > > >>> Ag
> > >
> > > _______________________________________________
> > > GO-ESSP-TECH mailing list
> > > GO-ESSP-TECH at ucar.edu
> > > http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> >
> > --
> > Bryan Lawrence
> > Director of Environmental Archival and Associated Research
> > (NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
> > STFC, Rutherford Appleton Laboratory
> > Phone +44 1235 445012; Fax ... 5848;
> > Web: home.badc.rl.ac.uk/lawrence
> > _______________________________________________
> > GO-ESSP-TECH mailing list
> > GO-ESSP-TECH at ucar.edu
> > http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> 

-- 
Bryan Lawrence
Director of Environmental Archival and Associated Research
(NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
STFC, Rutherford Appleton Laboratory
Phone +44 1235 445012; Fax ... 5848; 
Web: home.badc.rl.ac.uk/lawrence

More information about the GO-ESSP-TECH mailing list