[Go-essp-tech] Current status on CMIP5 security roles

philip.kershaw at stfc.ac.uk philip.kershaw at stfc.ac.uk
Tue Jun 22 03:07:03 MDT 2010 

Hi Ag,

> I would argue that we (i.e. BADC) *do* need to record the proposed
> usage on the following grounds...
> 
> We have pulled in funding from multiple projects/sources to support the
> CMIP5 effort and we will need to report usage to all of them. Some of
> the funders are supporting the core climate science but others have a
> greater interest in the climate impacts community. From my perspective
> it would therefore be invaluable to have a "proposed usage" field in
> the user database(s) so that we can categorise the usage in our
> reporting.
> 
> Bryan and Phil, please feel free to shout me down as expressing an out-
> of-date viewpoint on this issue.

I don't think it matters from the point of view of the access control architecture.  As it stands, users will register for some cmip5 access attribute(s) at a web interface hosted by PCMDI.  PCMDI also hosts an Attribute Service which enables others services in the federation to query that a given user has registered with PCMDI for the given cmip5 access attribute(s).

Any additional information recorded at PCMDI during registration is out of band.  You might want to consider how the information is disseminated from PCMDI's record to the funders you mention.

Cheers,
Phil

> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
> bounces at ucar.edu] On Behalf Of ag.stephens at stfc.ac.uk
> Sent: 22 June 2010 08:48
> To: taylor13 at llnl.gov; go-essp-tech at ucar.edu
> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> 
> Hi Karl et al,
> 
> I just wanted to pick up the issue of whether we ask users to state
> their intended usage of the CMIP5 data.
> 
> >>> Karl said:
> """
> I can't remember whether we will ask those registering to say what they
> plan to do with the data.  Although we did this in the early stages (at
> least) of CMIP3, I'm not sure with 1000's of users this serves much of
> a
> purpose.  Anyone think otherwise?
> """
> 
> I would argue that we (i.e. BADC) *do* need to record the proposed
> usage on the following grounds...
> 
> We have pulled in funding from multiple projects/sources to support the
> CMIP5 effort and we will need to report usage to all of them. Some of
> the funders are supporting the core climate science but others have a
> greater interest in the climate impacts community. From my perspective
> it would therefore be invaluable to have a "proposed usage" field in
> the user database(s) so that we can categorise the usage in our
> reporting.
> 
> Bryan and Phil, please feel free to shout me down as expressing an out-
> of-date viewpoint on this issue.
> 
> Thanks,
> 
> Ag
> 
> 
> -----Original Message-----
> From: go-essp-tech-bounces at ucar.edu on behalf of Karl Taylor
> Sent: Fri 6/18/2010 17:56
> To: go-essp-tech at ucar.edu
> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
> 
> Hi all,
> 
> Coming in late to this discussion, I wonder what the purpose of the
> discussion is.  Is it simply to define the "controlled vocabulary"
> needed to distinguish between data made available under different terms
> of use?  If so, then I suggest:
> 
> CMIP5_for_unrestricted_use
> CMIP5_for_non-commercial_research_and_educational_use_only
> 
> (or some abbreviated form of the above).  The acronyms AR5 and IPCC
> should only be used in connection with the assessment activity of IPCC,
> not any research (or infrastructure support of research) carried out
> that might end up being assessed by the IPCC.  The IPCC would probably
> not want it to appear that it sponsors or drives the research that it
> will assess, and the WCRP's WGCM "owns" CMIP5 and should get credit for
> this by having it referred to by its "brand" name (i.e., CMIP).
> 
> The WGCM insists on a registration procedure so that they will clearly
> know the terms of use, and this has the added benefit that we can track
> usage better and also can contact users if necessary.  Those seeking
> data will have to register and sign one of the two options for "terms
> of
> use" described above.
> 
> I can't remember whether we will ask those registering to say what they
> plan to do with the data.  Although we did this in the early stages (at
> least) of CMIP3, I'm not sure with 1000's of users this serves much of
> a
> purpose.  Anyone think otherwise?
> 
> Best regards,
> Karl
> 
> 
> 
> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
> > Hi all,
> >
> > I'm forwarding this discussion we've been having at the BADC about
> the CMIP5 access roles. We currently have the roles,
> >
> > AR5_Research
> > AR5_Commercial
> >
> > Ag would like to know more explicitly what these roles mean - see his
> e-mail below...
> >
> > On a second point, Martin would like these roles names changed to,
> >
> > cmip5_rearch
> > cmip5_commercial
> >
> > To better reflect their purpose and the distinction from the AR5
> activity (his e-mail also see below...)
> >
> > Could someone comment - esp. from PCMDI?
> >
> > Thanks,
> > Phil
> >
> >
> >
> >
> >> -----Original Message-----
> >> From: Stephens, Ag (STFC,RAL,SSTD)
> >> Sent: 18 June 2010 12:44
> >> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Phil et al,
> >>
> >> Presumably the "commercial" and "research" roles limit access in
> some
> >> way.
> >>
> >> However, I would expect most common role to be "public" which
> implies:
> >>
> >>   * you still login with your OpenId
> >>
> >>   * but the data is available to all
> >>
> >>   * but because you logged in there is a log of what you have used
> >>
> >> Is that in the plan?
> >>
> >> Also, do you know if registration requires a description of the
> >> proposed usage of the data?
> >>
> >> Thanks,
> >>
> >> Ag
> >>
> >>
> >> -----Original Message-----
> >> From: Juckes, Martin (STFC,RAL,SSTD)
> >> Sent: Fri 6/18/2010 12:17
> >> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hello Phil,
> >>
> >> A pedantic point: access to cmip5 should be controlled by a
> >> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to keep the
> >> distinction between CMIP5 (an evolving research archive) and AR5 (a
> >> reference archive consisting of a snapshot of CMIP5 archive
> contents)
> >> clear.
> >>
> >> A further question: if data is made available at BADC through our
> >> browser, on /badc/cmip5 or some equivalent, will this be covered by
> the
> >> same access control mechanism?
> >>
> >> cheers,
> >> Martin
> >>
> >>
> >> -----Original Message-----
> >> From: Kershaw, Philip (STFC,RAL,SSTD)
> >> Sent: Fri 18/06/2010 11:42
> >> To: Stephens, Ag (STFC,RAL,SSTD)
> >> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD);
> >> Pascoe, Stephen (STFC,RAL,SSTD)
> >> Subject: RE: Current status on CMIP5 security roles
> >>
> >> Hi Ag,
> >>
> >> My understanding is that there are two roles under the authority of
> >> PCMDI which have federation wide scope:
> >>
> >> AR5_Research
> >> AR5_Commercial
> >>
> >> When I say, 'under the authority of', I mean users must register at
> >> PCMDI for these access roles.
> >>
> >> In addition, each institution can still secure datasets with their
> own
> >> roles specific to their institution.  For example, there may be
> cases
> >> where a policy marks a dataset as accessible via 'AR5_Research' or
> >> <some-institution-access-role>.
> >>
> >> Cheers,
> >> Phil
> >>
> >> Ref: http://*esg-pcmdi.llnl.gov/esgf/esgf-security-interface-
> control-
> >> documents/ - 2.1.2. VO Attribute Value Agreements
> >>
> >>
> >>
> >>> -----Original Message-----
> >>> From: Stephens, Ag (STFC,RAL,SSTD)
> >>> Sent: 18 June 2010 11:31
> >>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
> (STFC,RAL,SSTD);
> >>> Lawrence, Bryan (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
> >>> Subject: Current status on CMIP5 security roles
> >>>
> >>> Hi Phil,
> >>>
> >>> I just wanted to enquire about the various security roles planned
> for
> >>> the CMIP5 archive.
> >>>
> >>> My simplistic view is that there will be:
> >>>
> >>>   * public - available to all
> >>>   * research_only
> >>>
> >>> However, I've heard it might be more complex that than. Do you have
> >>>
> >> the
> >>
> >>> latest lowdown?
> >>>
> >>> Cheers,
> >>>
> >>> Ag
> >>>
> >>
> >
> 
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> 
> 
> 
> J
> --
> Scanned by iCritical.
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
-- 
Scanned by iCritical.

More information about the GO-ESSP-TECH mailing list