-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
49 changed files
with
6,467 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
# Authentication and Authorization Infrastructure | ||
|
||
## [Link to Specification](https://ga4gh.github.io/data-security/) | ||
|
||
## Introduction | ||
|
||
The Authentication and Authorizations Infrastructure (AAI) specification | ||
leverages OpenID Connect (OIDC) to authenticate researchers | ||
desiring to access clinical and genomic resources from data | ||
holders adhering to GA4GH standards. Beyond standard OIDC authentication, AAI enables | ||
data holders to obtain security-related attributes and authorizations of those | ||
researchers. In parallel, the Data Use and Researcher Identity (DURI) Work Stream has developed a standard | ||
representation for researcher authorizations and attributes known as Researcher-ID. | ||
At its core, the AAI specification defines cryptographically secure tokens for exchanging | ||
these researcher attributes called Visas and how various | ||
participants can interact to authenticate researchers, and obtain and validate Visas. | ||
|
||
This specification also provides for federated multilateral authorization infrastructure for greater | ||
interoperability between biomedical institutions sharing restricted datasets. | ||
|
||
### What is OpenID Connect? | ||
|
||
OpenID Connect is a simple identity layer, on top of the OAuth 2.0 protocol, that supports identity verification and the ability to | ||
obtain basic profile information about end users. The AAI specification extends this to define tokens, | ||
endpoints, and flows that enable an OIDC provider (called a Broker) to | ||
provide Passports and Visas to downstream consumers called Passport Clearinghouses. Passports can then be used for | ||
authorization purposes by downstream systems. | ||
|
||
## Passports specification | ||
The AAI and Passports specifications rely on each other for full functionality and will likely be merged in a future version. The Passports specification from the Data Use and Researcher Identities Work Stream can be found [here](https://ga4gh-duri.github.io/researcher_ids/ga4gh_passport_v1.html). | ||
|
||
## Version history | ||
|
||
[Changelog](https://ga4gh.github.io/data-security/changes-1_2) for v1.2 | ||
|
||
Full version history available [here](https://ga4gh.github.io/data-security/aai-openid-connect-profile#specification-revision-history) | ||
|
||
|
||
## Contributors | ||
|
||
GA4GH is an open community and contribution is not limited to those named below. | ||
Names listed alphabetically by surname. Repository maintainers listed [here](./MAINTAINER.md). | ||
|
||
### Core Developers for v1.2 | ||
|
||
- Max Barkley - DNAstack | ||
- Tom Conner - Broad Institute | ||
- Martin Kuba - ELIXIR Czech Republic | ||
- Andrew Patterson - The University of Melbourne Centre for Cancer Research | ||
- Kurt Rodarmer - National Center for Biotechnology Information - NIH | ||
|
||
### Reviewers for v1.2 | ||
|
||
- Francis Jeanson - Peter Munk Cardiac Centre and Ted Rogers Centre for Heart Research | ||
- David Glazer - Verily Life Sciences | ||
- Timothy Slade - RTI International | ||
- Dylan Spalding - ELIXIR Finland | ||
|
||
### Technical Programme Manager | ||
|
||
- Fabio Liberante - Global Alliance for Genomics and Health | ||
|
||
## Work Stream Leadership | ||
|
||
### Data Security | ||
|
||
- David Bernick - Broad Institute | ||
- Lucila Ohno-Machado - Yale University School of Medicine | ||
- Previously - Jean-Pierre Hubaux - Swiss Federal Institute of Technology Lausanne | ||
|
||
### Data Use and Researcher Identities | ||
|
||
- Jaime Guidry-Auvil - National Cancer Institute - NIH | ||
- Tommi Nyrönen - ELIXIR Finland | ||
|
||
|
||
## Demonstration Implementation | ||
|
||
[Life Science RI](https://lifescience-ri.eu/) have implemented this v1.2 specification from the finalised draft for use across the Life Science RI platforms. | ||
Information on creating an account is available [here](https://lifescience-ri.eu/ls-login/users/how-to-get-and-use-life-science-id.html). | ||
With an account, the test service [here](https://echo.aai.elixir-czech.org/) will return a technical view of the various tokens created and shared in an example flow using Passport/AAI 1.2. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.