Overview of the AAI

While the majority of life science services are openly accessible to anyone across the world, many of them require researchers to sign in using a username and password. Sensitive data and licensed resources of course require strong security for access.

In these cases, research services have implemented local access management solutions and issued their own usernames and passwords. As a consequence, researchers quickly became overloaded with having to remember numerous login credentials.

The Life Science Login (a.k.a. Life Science Authentication and Authorization Infrastructure, LS AAI) enables researchers to use their home organization credentials or community or commercial identities (e.g. ORCID, Google) to sign in and access data and services they need. It also allows service providers (both in academia and industry) to control and manage the access rights of their users and create different access levels for research groups or international projects.

For example, two different researchers in the same university may be working on different European or national research projects and may need access to completely different data or compute resources. LS Login ensures that they can access the right resources, using their university credentials, while making sure they can’t see each other’s data.

For more information, refer to the LS Login web page.

The service catalog contains a list of services connected to LS Login; you can find it here.

The statistics page is under preparation.

Benefits of LS Login for researchers and service providers

The benefits of LS Login go well beyond the convenience of not having to remember a new username and password combination. It offers:

  • Reduced bureaucracy and costs: reusing existing institutional identities means service providers don’t have to create and manage accounts for all their users. LS Login helps service providers meet legal obligations in privacy and data protection legislation (GDPR) and respond swiftly to security incidents.
  • Improved verification: researchers’ identities are usually personally verified by their home organizations with face-to-face checking of photo IDs or government documents. As such, they provide reliable information on the researcher’s affiliation and greater confidence in the service and data providers. It would be lengthy and expensive for ELIXIR to manage this face-to-face vetting in the context of a distributed infrastructure.
  • Regular updates: as researchers join or leave institutions, their affiliation information is maintained regularly. When a user changes affiliation (be it research group, department, EU project, or university), the access rights coupled with this affiliation are automatically updated. This increases the security of access and confidence that only authorized researchers have access to critical data.

LS Login is open to all service providers in industry and academia. Read the LS Login documentation or contact support [at] aai.lifescience-ri.eu to learn more.

In the ELIXIR AAI Task, we organize regular community engagement meetings where we share and discuss new AAI needs, requirements and ideas collected from the community, as well as success stories with other infrastructures. Topics will be selected based on needs and interest, and also with regard to migration to LS Login. For the agenda and detailed information, please check on TESS.

Genomics data sharing and LS Login

The capabilities of LS Login are demonstrated in the reference implementation of the ELIXIR Beacons. The three-tier access system was developed jointly by the ELIXIR Compute platform, the ELIXIR Human Data Use Case, and the Global Alliance for Genomics and Health. It allows data owners to publish their genomics data in one of the three access levels (public, registered, and controlled), and control what kind of information will be provided to different types of users.

The public tier, open to all users, will only disclose allele frequencies in the genomic data; the registered users (scientists working at universities and research centers) have access to cohort-specific allele frequencies; users in the controlled tier have to be individually approved by Data Access Committees and have access to individual-level data from cohorts.

See more at https://beacon-project.io.

ELIXIR Beacon schema