ELIXIR has created easy-to-use and secure user ID management, enabling access to numerous data collections and services. ELIXIR’s AAI service (Authentication and Authorisation Infrastructure) enables electronic user identification and access rights management. Access to data is always granted by the data owner, but AAI will make access to data quicker, since the use policy is clear and straightforward.
The solution is a federated user ID management, which is simple and easy to use. A single identification with their home organisation’s login also provide researchers with secure and reliable access to closely protected data collections.
Finland’s ELIXIR Center CSC has been building the ELIXIR AAI service alongside the Czech ELIXIR Centre.“Because data is private, federations are controlled by strict data security and regulation, such as the GDPR. ELIXIR’s member organisations adhere to European policies in terms of data protection. However, because research is global, the EU wants to share research data with Canada and the US,”says Tommi Nyrönen, Head of Node of Finland’s ELIXIR Center.
“This is why we must manage user information within European and, say, alongside North American organisations. We must have common agreements on how data can be transferred for research purposes in accordance with regulations. Parties responsible for data need sufficient information on users who are requesting access. Only when the user’s identity and potential home organisation and status as a researcher have been ascertained, can the data access application be processed. We must also have a mechanism to stop and cancel access to data quickly if it is used for the wrong purposes. This can be done, for example, with a policy and technology specified by ELIXIR AAI.”