[Go-essp-tech] Current status on CMIP5 security roles

Tue Jun 22 02:07:26 MDT 2010

Hello,

I can think of two possible reasons for collecting intended data usage
descriptions: 

(1) to check what people are doing;
(2) to create a directory of what people are doing.

Since we arte engaged in an open process, I would suggest the latter.
i.e. ask people to submit a description which will be displayed on a
public web page. If we set out to check descriptions I suspect we will
end up ignoring them when users start flooding in.

Cheers,
Martin

> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
> bounces at ucar.edu] On Behalf Of ag.stephens at stfc.ac.uk
> Sent: 22 June 2010 08:48
> To: taylor13 at llnl.gov; go-essp-tech at ucar.edu
> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> 
> Hi Karl et al,
> 
> I just wanted to pick up the issue of whether we ask users to state
> their intended usage of the CMIP5 data.
> 
> >>> Karl said:
> """
> I can't remember whether we will ask those registering to say what
they
> plan to do with the data.  Although we did this in the early stages
(at
> least) of CMIP3, I'm not sure with 1000's of users this serves much of
> a
> purpose.  Anyone think otherwise?
> """
> 
> I would argue that we (i.e. BADC) *do* need to record the proposed
> usage on the following grounds...
> 
> We have pulled in funding from multiple projects/sources to support
the
> CMIP5 effort and we will need to report usage to all of them. Some of
> the funders are supporting the core climate science but others have a
> greater interest in the climate impacts community. From my perspective
> it would therefore be invaluable to have a "proposed usage" field in
> the user database(s) so that we can categorise the usage in our
> reporting.
> 
> Bryan and Phil, please feel free to shout me down as expressing an
out-
> of-date viewpoint on this issue.
> 
> Thanks,
> 
> Ag
> 
> 
> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu on behalf of Karl Taylor
> Sent: Fri 6/18/2010 17:56
> To: go-essp-tech at ucar.edu
> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> 
> Hi all,
> 
> Coming in late to this discussion, I wonder what the purpose of the
> discussion is.  Is it simply to define the "controlled vocabulary"
> needed to distinguish between data made available under different
terms
> of use?  If so, then I suggest:
> 
> CMIP5_for_unrestricted_use
> CMIP5_for_non-commercial_research_and_educational_use_only
> 
> (or some abbreviated form of the above).  The acronyms AR5 and IPCC
> should only be used in connection with the assessment activity of
IPCC,
> not any research (or infrastructure support of research) carried out
> that might end up being assessed by the IPCC.  The IPCC would probably
> not want it to appear that it sponsors or drives the research that it
> will assess, and the WCRP's WGCM "owns" CMIP5 and should get credit
for
> this by having it referred to by its "brand" name (i.e., CMIP).
> 
> The WGCM insists on a registration procedure so that they will clearly
> know the terms of use, and this has the added benefit that we can
track
> usage better and also can contact users if necessary.  Those seeking
> data will have to register and sign one of the two options for "terms
> of
> use" described above.
> 
> I can't remember whether we will ask those registering to say what
they
> plan to do with the data.  Although we did this in the early stages
(at
> least) of CMIP3, I'm not sure with 1000's of users this serves much of
> a
> purpose.  Anyone think otherwise?
> 
> Best regards,
> Karl
> 
> 
> 
> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> > Hi all,
> >
> > I'm forwarding this discussion we've been having at the BADC about
> the CMIP5 access roles. We currently have the roles,
> >
> > AR5_Research
> > AR5_Commercial
> >
> > Ag would like to know more explicitly what these roles mean - see
his
> e-mail below...
> >
> > On a second point, Martin would like these roles names changed to,
> >
> > cmip5_rearch
> > cmip5_commercial
> >
> > To better reflect their purpose and the distinction from the AR5
> activity (his e-mail also see below...)
> >
> > Could someone comment - esp. from PCMDI?
> >
> > Thanks,
> > Phil
> >
> >
> >
> >
> >> -----Original Message-----
> >> From: Stephens, Ag (STFC,RAL,SSTD)
> >> Sent: 18 June 2010 12:44
> >> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
(STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Phil et al,
> >>
> >> Presumably the "commercial" and "research" roles limit access in
> some
> >> way.
> >>
> >> However, I would expect most common role to be "public" which
> implies:
> >>
> >>   * you still login with your OpenId
> >>
> >>   * but the data is available to all
> >>
> >>   * but because you logged in there is a log of what you have used
> >>
> >> Is that in the plan?
> >>
> >> Also, do you know if registration requires a description of the
> >> proposed usage of the data?
> >>
> >> Thanks,
> >>
> >> Ag
> >>
> >>
> >> -----Original Message-----
> >> From: Juckes, Martin (STFC,RAL,SSTD)
> >> Sent: Fri 6/18/2010 12:17
> >> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen
(STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hello Phil,
> >>
> >> A pedantic point: access to cmip5 should be controlled by a
> >> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep the
> >> distinction between CMIP5 (an evolving research archive) and AR5 (a
> >> reference archive consisting of a snapshot of CMIP5 archive
> contents)
> >> clear.
> >>
> >> A further question: if data is made available at BADC through our
> >> browser, on /badc/cmip5 or some equivalent, will this be covered by
> the
> >> same access control mechanism?
> >>
> >> cheers,
> >> Martin
> >>
> >>
> >> -----Original Message-----
> >> From: Kershaw, Philip (STFC,RAL,SSTD)
> >> Sent: Fri 18/06/2010 11:42
> >> To: Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
(STFC,RAL,SSTD);
> >> Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Ag,
> >>
> >> My understanding is that there are two roles under the authority of
> >> PCMDI which have federation wide scope:
> >>
> >> AR5_Research
> >> AR5_Commercial
> >>
> >> When I say, 'under the authority of', I mean users must register at
> >> PCMDI for these access roles.
> >>
> >> In addition, each institution can still secure datasets with their
> own
> >> roles specific to their institution.  For example, there may be
> cases
> >> where a policy marks a dataset as accessible via 'AR5_Research' or
> >> <some-institution-access-role>.
> >>
> >> Cheers,
> >> Phil
> >>
> >> Ref: http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-
> control-
> >> documents/ - 2.1.2. VO Attribute Value Agreements
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Stephens, Ag (STFC,RAL,SSTD)
> >>> Sent: 18 June 2010 11:31
> >>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
> (STFC,RAL,SSTD);
> >>> Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >>> Subject: Current status on CMIP5 security roles
> >>>
> >>> Hi Phil,
> >>>
> >>> I just wanted to enquire about the various security roles planned
> for
> >>> the CMIP5 archive.
> >>>
> >>> My simplistic view is that there will be:
> >>>
> >>>   * public - available to all
> >>>   * research_only
> >>>
> >>> However, I've heard it might be more complex that than. Do you
have
> >>>
> >> the
> >>
> >>> latest lowdown?
> >>>
> >>> Cheers,
> >>>
> >>> Ag
> >>>
> >>
> >
> 
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> 
> 
> 
> J
> --
> Scanned by iCritical.
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
-- 
Scanned by iCritical.