[Go-essp-tech] Current status on CMIP5 security roles

Bob Drach drach1 at llnl.gov
Wed Jun 23 11:42:03 MDT 2010 

The single role seems reasonable. The important thing is that  
researchers who are in a position to correctly interpret the data,  
even if it's not fully QC'ed,  have access to the data with minimal  
delay. That's not quite the same thing a 'restricting to WG1 IMO.

Bob

On Jun 21, 2010, at 8:50 AM, Bryan Lawrence wrote:

> On Monday 21 Jun 2010 14:53:55 Juckes, Martin (STFC,RAL,SSTD) wrote:
>> Hello Bryan,
>>
>> Is that a single role ("CMIP5_testing") giving access to all people
>> authorised by the collection of modelling centres or multiple roles
>> ("CMIP5_testing_mohc", "CMIP5_testing_ncar", etc)?
>
> I' m agnostic. Either. The first is simpler, and probably would be
> acceptable - but might look like "restricting to WG1" again.
> Cheers
> Bryan
>
>
>> Cheers,
>> Martin
>>
>>> -----Original Message-----
>>> From: go-essp-tech-bounces at ucar.edu [mailto:go-essp-tech-
>>> bounces at ucar.edu] On Behalf Of Bryan Lawrence
>>> Sent: 21 June 2010 14:28
>>> To: go-essp-tech at ucar.edu; Karl Taylor
>>> Subject: Re: [Go-essp-tech] Current status on CMIP5 security roles
>>>
>>> hi Karl
>>>
>>> Where are we on defining the scope of availability of qc level one
>>> data.
>>> When we've talked, we've been suggesting it should be "mates only".
>>> I think the two access controls we're listing below are for qc
>>> level 2 data.
>>>
>>> We need to make a decision about this. I'm recommending that we
>>> have
>>
>> an
>>
>>> additional level of access control: CMIP5_testing, which is given
>>> only to those explicitly authorised by the originating modelling
>>> centre,
>>
>> and
>>
>>> applies to qc level one data.
>>>
>>> I'm happy for this to be vetoed, but I get the impression that a
>>
>> number
>>
>>> of centres like this idea.
>>>
>>> However, if we're going to do that, we need to make a decision
>>> asap.
>>>
>>> Cheers
>>> Bryan
>>>
>>> On Friday 18 Jun 2010 17:56:43 Karl Taylor wrote:
>>>> Hi all,
>>>>
>>>> Coming in late to this discussion, I wonder what the purpose of
>>>> the discussion is.  Is it simply to define the "controlled
>>>> vocabulary" needed to distinguish between data made available
>>>> under different terms of use?  If so, then I suggest:
>>>>
>>>> CMIP5_for_unrestricted_use
>>>> CMIP5_for_non-commercial_research_and_educational_use_only
>>>>
>>>> (or some abbreviated form of the above).  The acronyms AR5 and
>>>> IPCC should only be used in connection with the assessment
>>>> activity of IPCC, not any research (or infrastructure support of
>>>> research) carried out that might end up being assessed by the
>>>> IPCC.  The IPCC would probably not want it to appear that it
>>>> sponsors or drives the research that it will assess, and the
>>>> WCRP's WGCM "owns" CMIP5 and should get credit for this by having
>>>> it referred to by its "brand" name (i.e., CMIP).
>>>>
>>>> The WGCM insists on a registration procedure so that they will
>>>> clearly know the terms of use, and this has the added benefit
>>>> that we can track usage better and also can contact users if
>>>> necessary. Those seeking data will have to register and sign one
>>>> of the two options for "terms of use" described above.
>>>>
>>>> I can't remember whether we will ask those registering to say
>>>> what they plan to do with the data.  Although we did this in the
>>>> early stages (at least) of CMIP3, I'm not sure with 1000's of
>>>> users this serves much of a purpose.  Anyone think otherwise?
>>>>
>>>> Best regards,
>>>> Karl
>>>>
>>>> On 6/18/10 4:56 AM, philip.kershaw at stfc.ac.uk wrote:
>>>>> Hi all,
>>>>>
>>>>> I'm forwarding this discussion we've been having at the BADC
>>>>> about the CMIP5 access roles. We currently have the roles,
>>>>>
>>>>> AR5_Research
>>>>> AR5_Commercial
>>>>>
>>>>> Ag would like to know more explicitly what these roles mean -
>>>>> see his e-mail below...
>>>>>
>>>>> On a second point, Martin would like these roles names changed
>>>>> to,
>>>>>
>>>>> cmip5_rearch
>>>>> cmip5_commercial
>>>>>
>>>>> To better reflect their purpose and the distinction from the
>>>>> AR5 activity (his e-mail also see below...)
>>>>>
>>>>> Could someone comment - esp. from PCMDI?
>>>>>
>>>>> Thanks,
>>>>> Phil
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Stephens, Ag (STFC,RAL,SSTD)
>>>>>> Sent: 18 June 2010 12:44
>>>>>> To: Juckes, Martin (STFC,RAL,SSTD); Kershaw, Philip
>>>>>> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
>>>>>> Stephen (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5
>>>>>> security roles
>>>>>>
>>>>>> Hi Phil et al,
>>>>>>
>>>>>> Presumably the "commercial" and "research" roles limit access
>>>>>> in some way.
>>>>>>
>>>>>> However, I would expect most common role to be "public" which
>>>>>> implies:
>>>>>>
>>>>>>  * you still login with your OpenId
>>>>>>
>>>>>>  * but the data is available to all
>>>>>>
>>>>>>  * but because you logged in there is a log of what you have
>>
>> used
>>
>>>>>> Is that in the plan?
>>>>>>
>>>>>> Also, do you know if registration requires a description of
>>>>>> the proposed usage of the data?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Ag
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Juckes, Martin (STFC,RAL,SSTD)
>>>>>> Sent: Fri 6/18/2010 12:17
>>>>>> To: Kershaw, Philip (STFC,RAL,SSTD); Stephens, Ag
>>>>>> (STFC,RAL,SSTD) Cc: Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
>>>>>> Stephen
>>>>>> (STFC,RAL,SSTD) Subject: RE: Current status on CMIP5 security
>>>>>> roles
>>>>>>
>>>>>> Hello Phil,
>>>>>>
>>>>>> A pedantic point: access to cmip5 should be controlled by a
>>>>>> "cmip5_xxxx" role, not "AR5_xxx". We are doing our best to
>>>>>> keep the distinction between CMIP5 (an evolving research
>>>>>> archive) and AR5 (a reference archive consisting of a snapshot
>>>>>> of CMIP5
>>
>> archive
>>
>>>>>> contents) clear.
>>>>>>
>>>>>> A further question: if data is made available at BADC through
>>>>>> our browser, on /badc/cmip5 or some equivalent, will this be
>>>>>> covered by the same access control mechanism?
>>>>>>
>>>>>> cheers,
>>>>>> Martin
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Kershaw, Philip (STFC,RAL,SSTD)
>>>>>> Sent: Fri 18/06/2010 11:42
>>>>>> To: Stephens, Ag (STFC,RAL,SSTD)
>>>>>> Cc: Juckes, Martin (STFC,RAL,SSTD); Lawrence, Bryan
>>>>>> (STFC,RAL,SSTD); Pascoe, Stephen (STFC,RAL,SSTD)
>>>>>> Subject: RE: Current status on CMIP5 security roles
>>>>>>
>>>>>> Hi Ag,
>>>>>>
>>>>>> My understanding is that there are two roles under the
>>>>>> authority of PCMDI which have federation wide scope:
>>>>>>
>>>>>> AR5_Research
>>>>>> AR5_Commercial
>>>>>>
>>>>>> When I say, 'under the authority of', I mean users must
>>>>>> register at PCMDI for these access roles.
>>>>>>
>>>>>> In addition, each institution can still secure datasets with
>>
>> their
>>
>>>>>> own roles specific to their institution.  For example, there
>>>>>> may be cases where a policy marks a dataset as accessible via
>>>>>> 'AR5_Research' or <some-institution-access-role>.
>>>>>>
>>>>>> Cheers,
>>>>>> Phil
>>>>>>
>>>>>> Ref:
>>>>>> http://**esg-pcmdi.llnl.gov/esgf/esgf-security-interface-contro
>>>>>> l- documents/ - 2.1.2. VO Attribute Value Agreements
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Stephens, Ag (STFC,RAL,SSTD)
>>>>>>> Sent: 18 June 2010 11:31
>>>>>>> To: Kershaw, Philip (STFC,RAL,SSTD); Juckes, Martin
>>>>>>> (STFC,RAL,SSTD); Lawrence, Bryan (STFC,RAL,SSTD); Pascoe,
>>
>> Stephen
>>
>>>>>>> (STFC,RAL,SSTD) Subject: Current status on CMIP5 security
>>>>>>> roles
>>>>>>>
>>>>>>> Hi Phil,
>>>>>>>
>>>>>>> I just wanted to enquire about the various security roles
>>
>> planned
>>
>>>>>>> for the CMIP5 archive.
>>>>>>>
>>>>>>> My simplistic view is that there will be:
>>>>>>>
>>>>>>>  * public - available to all
>>>>>>>  * research_only
>>>>>>>
>>>>>>> However, I've heard it might be more complex that than. Do
>>>>>>> you have
>>>>>>
>>>>>> the
>>>>>>
>>>>>>> latest lowdown?
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Ag
>>>>
>>>> _______________________________________________
>>>> GO-ESSP-TECH mailing list
>>>> GO-ESSP-TECH at ucar.edu
>>>> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech
>>>
>>> --
>>> Bryan Lawrence
>>> Director of Environmental Archival and Associated Research
>>> (NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
>>> STFC, Rutherford Appleton Laboratory
>>> Phone +44 1235 445012; Fax ... 5848;
>>> Web: home.badc.rl.ac.uk/lawrence
>>> _______________________________________________
>>> GO-ESSP-TECH mailing list
>>> GO-ESSP-TECH at ucar.edu
>>> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech
>>
>
> -- 
> Bryan Lawrence
> Director of Environmental Archival and Associated Research
> (NCAS/British Atmospheric Data Centre and NCEO/NERC NEODC)
> STFC, Rutherford Appleton Laboratory
> Phone +44 1235 445012; Fax ... 5848;
> Web: home.badc.rl.ac.uk/lawrence
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu
> http://*mailman.ucar.edu/mailman/listinfo/go-essp-tech
>

More information about the GO-ESSP-TECH mailing list