NMC security requirements

From BioAssist
Revision as of 15:51, 13 July 2010 by Mgjansen (Talk | contribs)


Security Requirements NMC Data Support Platform

Version: Machiel Jansen, 1-7-2010


This page presents a brief overview of the proposed requirements regarding Authentication, Authorization and Accounting (AAA) for the NMC Data Support Platform (DSP). Potential users can request a username and password by applying for an account at the NMC. The NMC will set up a procedure by which new account applications are judged before an account is issued.

Data security

Research data may be subject to privacy laws and regulations. The DSP will not enforce these or issue warnings. Instead a 'Code of Conduct' for proper use of the DSP will be set up by the NMC. The system will contain a disclaimer against storing privacy-sensitive data in the DSP. Patient records should NOT be stored in the DSP.


Data will not be stored encrypted (no encryption at rest). Transfers over the local network and the internet will be encrypted with HTTPS. Users will log in with a username and password.


In the DSP we will distinguish roles for each user of the system. Each user will be given at least one role, which allows him or her to perform certain actions within the system. These actions can be of the following types: Create (C), Read (R), Update or write (U) and Delete (D). In addition, data elements in the system are owned (O) by users with a specific role. Creating a project, study or data file in the DSP makes the user owner of that data item. Based on the access rights granted by the owner, other users have read and/or write access to the data in the DSP.

The following roles can be distinguished:

  • Project Leader: the leader of the project, responsible for the content of and access to the project
  • Project Member: can read/write data in the project
  • Sub Contractor: can own data within the project and may hide data from the Project Leader
  • Global Administrator: can create users and institutes or organizations
  • Local Administrator: can create users for an institute or organization
  • Guest: has access to public data only

The Project Leader (PL) is the person responsible for the content of the project. He/she is allowed to create studies, samples and data items. The PL can select users and promote them to Project Members (PMs) by assigning read/write access to them, within the context of the project.

If the PL grants a Project Member (PM) read or write access, then the PM is able to read or write all data in the project that is owned by the PL. All data that is uploaded or changed in the project is owned by the PL. An exception is formed by data that is created or uploaded by a Sub Contractor in the project owned by the PL. A PL can add a Sub Contractor (SC) to the project. This user can create and own his or her own data items in the DSP and later transfer ownership to the PL.

The reason for introducing the SC came up in conversations with people from the DCL in Leiden. The DCL often performs measurements for studies and returns the resulting peak information to the PL. The intermediate data is not returned unless it is specifically asked for. To support this use of the DSP, the DCL will take the role of SC and transfer ownership of the peak data files to the PL. Information about QC and other intermediate or raw data can remain in the DSP but invisible to other users.

A Global Administrator (GA) is able to view and change all data within the DSP. This user is bound by NMC procedures and regulations not to abuse access to the system. The GA is not a normal user of the system but takes care of bugs, problems and maintenance. The GA can also add users and institutes. A Local Administrator (LA) can create users which belong to a certain institute.


The following actions will be logged for accounting purposes:
  • Date and time of user login
  • Date and time of a user downloading a dataset
  • Date and time of a user updating or deleting a dataset
  • Date and time of a transfer of ownership (from SC to PL)
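As an added worked example (not code from the DSP or the NMC), the following Python sketch models the role, ownership and accounting rules described above in one place: PL-granted R/W access to PL-owned data, SC-owned data that stays hidden until ownership is transferred to the PL, public data readable by a Guest, GA access to everything, and a record of the four logged events. The class, method, user and file names are assumptions made for the example; the sample users and files in `demo()` are constructed.

```python
# Added illustrative model, not DSP code: API, user names and file names are assumptions.
from datetime import datetime, timezone

GA, LA, PL, PM, SC, GUEST = "GA", "LA", "PL", "PM", "SC", "Guest"


class Dsp:
    def __init__(self):
        self.users = {}           # username -> set of roles
        self.projects = {}        # project -> username of its Project Leader
        self.grants = {}          # (project, username) -> subset of {"R", "W"}
        self.contractors = set()  # (project, username) pairs added as SC
        self.items = {}           # item name -> {"project", "owner", "public"}
        self.log = []             # accounting records (UTC time, event, user, item)

    def _log(self, event, user, item=None):
        self.log.append((datetime.now(timezone.utc).isoformat(), event, user, item))

    def add_user(self, name, *roles):
        self.users[name] = set(roles)

    def login(self, name, password_ok):  # password verification itself is out of scope
        if name in self.users and password_ok:
            self._log("login", name)
        return name in self.users and password_ok

    def create_project(self, leader, project):
        if PL not in self.users[leader]:
            raise PermissionError("only a Project Leader can create a project")
        self.projects[project] = leader

    def grant(self, actor, project, member, perms):  # PL promotes a user to PM
        if self.projects.get(project) != actor or not set(perms) <= {"R", "W"}:
            raise PermissionError("not the leader of this project")
        self.users[member].add(PM)
        self.grants[(project, member)] = set(perms)

    def add_contractor(self, actor, project, contractor):  # PL adds an SC
        if self.projects.get(project) != actor:
            raise PermissionError("not the leader of this project")
        self.users[contractor].add(SC)
        self.contractors.add((project, contractor))

    def create_item(self, actor, project, name, public=False):
        leader = self.projects[project]
        if (project, actor) in self.contractors:
            owner = actor      # an SC keeps ownership of what it uploads
        elif actor == leader or "W" in self.grants.get((project, actor), set()):
            owner = leader     # everything else in the project is owned by the PL
        else:
            raise PermissionError("no write access to this project")
        self.items[name] = {"project": project, "owner": owner, "public": public}

    def can(self, actor, action, name):
        """GA sees everything, an owner sees own data, SC-owned data is hidden from others,
        public data is readable by anyone (Guest included), else the PL's R/W grant decides."""
        item = self.items[name]
        if GA in self.users[actor] or item["owner"] == actor:
            return True
        if item["owner"] != self.projects[item["project"]]:  # still owned by an SC
            return False
        if action == "R" and item["public"]:
            return True
        perms = self.grants.get((item["project"], actor), set())
        return ("R" if action == "R" else "W") in perms

    def access(self, actor, action, name):  # R download, U update, D delete; all logged
        if not self.can(actor, action, name):
            raise PermissionError(f"{action} on {name} denied for {actor}")
        if action == "D":
            del self.items[name]
        self._log({"R": "download", "U": "update", "D": "delete"}[action], actor, name)

    def transfer_ownership(self, actor, name):  # SC hands a result file to the PL
        item = self.items[name]
        if item["owner"] != actor or (item["project"], actor) not in self.contractors:
            raise PermissionError("only the SC that owns the item can transfer it")
        item["owner"] = self.projects[item["project"]]
        self._log("transfer", actor, name)


def demo():
    """The DCL scenario from the text, on constructed sample users and files."""
    dsp = Dsp()
    for name, roles in [("alice", (PL,)), ("bob", ()), ("dcl", ()), ("visitor", (GUEST,))]:
        dsp.add_user(name, *roles)
    dsp.login("alice", True)
    dsp.create_project("alice", "metab1")
    dsp.grant("alice", "metab1", "bob", {"R", "W"})
    dsp.add_contractor("alice", "metab1", "dcl")
    dsp.create_item("bob", "metab1", "samples.csv")        # owned by alice, the PL
    dsp.create_item("alice", "metab1", "readme.txt", public=True)
    dsp.create_item("dcl", "metab1", "raw_qc.bin")          # stays hidden with the SC
    dsp.create_item("dcl", "metab1", "peaks.txt")
    before = dsp.can("alice", "R", "peaks.txt")              # False until transferred
    dsp.access("bob", "R", "samples.csv")
    dsp.transfer_ownership("dcl", "peaks.txt")
    after = dsp.can("alice", "R", "peaks.txt") and dsp.can("bob", "U", "peaks.txt")
    return dsp, before, after
```

Two design points worth noting: the hidden-from-PL rule is not a separate flag but falls out of ownership (an item whose owner is not the project's PL is visible only to that owner and the GA), so a transfer of ownership is the single event that makes SC data visible; and every accounted action goes through `access()` or `transfer_ownership()`, so the log in this model cannot miss one of the four listed events.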