eduGAIN and ELIXIR – Enhancing AAI services for the life-science community
The use of eduGAIN across the research and education community has dramatically improved access to services and data across the world, enabling the academic community to use their institutional ID to sign in to thousands of educational resources.
However in some cases, eduGAIN does not provide the granularity of identity attributes that are needed for some sensitive services. For example, within the life science community it is often necessary to enhance the identity services provided by eduGAIN to fit the usage models of data and services in the community. Additionally, two different researchers in the same university department may require access to completely different data from the same service provider and, because of the nature of these data, they should not have access to each other's data. This is particularly important within the life science community as many data may contain sensitive information that needs to be carefully controlled.
This is where ELIXIR is able to support these needs.
What is ELIXIR?
ELIXIR unites Europe's leading lifescience organisations in managing and safeguarding the massive amounts of data being generated in publicly funded research. It coordinates, integrates and sustains bioinformatics resources across its Member States and enables users in academia and industry to access vital data, tools, standards, computational and training services for their research.
The goal of ELIXIR is to help researchers take advantage of the huge amounts of data produced in the life sciences so that they can gain new insights into how living organisms work in health and disease.
The 20 countries in ELIXIR work together through a "Hub and Nodes" model:
- ELIXIR Hub: The ELIXIR Hub coordinates collaboration across ELIXIR. The Hub is based at the Wellcome Genome Campus, near Cambridge, UK.
- ELIXIR Nodes: Each member state of ELIXIR establishes a national 'Node'. An ELIXIR Node is usually a network of organisations that work within that country. The 20 ELIXIR Member States are complemented by the European Bioinformatics Institute (EMBL-EBI), an international organisation based in the UK, which operates many of the major databases in the life sciences.
Each Node runs the resources and services that are part of ELIXIR: these includes databases, analysis tools and software, services for making data interoperable, training courses and computing services.
"Within the life science sector it is fair to say that ELIXIR needs eduGAIN just as much as eduGAIN needs ELIXIR. Together they produce a solution that is fit for Europe's life science sector and enables successful research collaborations." Mikael Linden, CSC Finland (ELIXIR Finland)
How ELIXIR supports AAI services for its researchers
Life science research is complex and collaborative with researchers accessing data from many services from different providers. In order to ensure easy and secure access to these data it is necessary to enhance the capabilities of eduGAIN interfederation.
To do this ELIXIR acts as both a Service Provider within the eduGAIN model and as a Proxy IdP (Identity Provider) to the underlying ELIXIR services. This allows ELIXIR to create extended user attributes for researchers to increase the granularity of access to data and services. Teams of researchers can be dynamically created to support projects and mapped across ELIXIR services.
This approach controls access to sensitive data while preserving the ability of researchers to use their existing Institutional Identities.
The ability to use these existing identities is crucial and not just because it means researchers don't have to remember a new username and password combination. It offers:
- Reduced bureaucracy and costs - Reusing existing identities means ELIXIR doesn't have to create and manage its own Identity provider (IdP).
- Improved vetting – Institutional identities are usually personally vetted at creation with face-to-face checking of identity (such as photo or government identities). As a distributed network this face-to-face vetting would be cost-prohibitive. Using eduGAIN federated identities provides greater confidence to the service and data providers.
- Regular updates – As researchers join or leave institutions their affiliation information is maintained regularly. This ensures that staff who leave an institution have their identities pro-actively modified rather than the user having to contact ELIXIR. This increases security of access and confidence that only authorised researchers have access to critical data.
- Improved access to usage metrics – The consistent use of accounts and attributes allows service providers to better analyse the take-up and use of their services.
Without the wide reach of eduGAIN and the support of all member institutions, ELIXIR would not be able to provide cost-effective identity management and control.
ELIXIR unites Europe's leading lifescience organisations in managing and safeguarding the massive amounts of data being generated in publicly funded research. It coordinates, integrates and sustains bioinformatics resources across its Member States and enables users in academia and industry to access vital data, tools, standards, computational and training services for their research. To learn more, visit https://www.elixir-europe.org/