Skip to main content

Research grids and industrial data

What happens when industry collaborates with academics, using the grid to share data? This was one of the main issues that we discussed today in a meeting of the NanoCMOS project. The industrial partners were clear that they would have to be convinced that their valuable data will be adequately protected before they allow their academic colleagues to use it on the grid.

The NanoCMOS project is looking at the impact of variability on the design and production of next-generation microchips. It is funded by the EPSRC and involves several leading electronics companies. The aim is to make circuit designs more resistent to the variations in the yield and performance of microchips; such variability is increasing as transistors get smaller and smaller. In a multi-billion dollar industry, it is clear that the companies involved do not want information about the design or performance of their products to go AWOL.

In the B.G. world (Before Grids), companies license their data to certain academics for them to use at their institutions. The academics are responsible for the use or misuse of this data and their institutions can be held to account in the courts.

In the world of grids, the licensing situation becomes more complicated. When scientists in different institutions use a grid to collaborate, all of them have to be bound into a licence agreement. In addition, the data providers must also trust the underlying technology and the people who use and maintain it. This requires advances in the state of the art of both the technology and in writing licences.

So far, the NanoCMOS project has focussed on the technology. Richard Sinnott's group at NeSC Glasgow are using Shibboleth to manage remote authentication and authorisation. They have developed appropriate authorisation roles, which include the authority to access particular software packages or particular data sets. Users can also be given the authority to delegate some of their roles to other people.

This apporach should work; it will allow data owners to restrict access to named individuals. The more taxing question is who manages the creation and assignment of roles. Ultimately this policy must be determined by the licensing organisation. They may install Shibboleth themselves and require all attempts to access a data set to seek authorisation from their server. Alternatively, they could delegate this right to the lead academic, who would then be responsible for managing the allocation of access rights.

Underlying this, the implementation, deployment and management of the technology must be trustworthy. The system administrators at the various sites will have the opportunity to misconfigure a system (whether deliberately or not). Additionally, of course, each deployment must be secure in itself. This will require a system of checklists and audits. Finally, each system must keep a secure log, so that they can demonstrate they have satisfied the licence agreements.

The NanoCMOS project should provide an excellent opportunity to test this in practice. The industrialists want to contribute real data and will only do so if we can get all the details right.

Comments

Popular posts from this blog

Presentation: Putting IT all together

This is a presentation I gave to an audience of University staff: 

In this seminar, I invite you to consider what the University’s online services would be like, if we worked together to design them from the perspective of the student or member of staff who will use them, instead of designing them around the organisational units that provide them. I’ll start with how the services might appear to that student or member of staff, then work back from there to show what this implies for how we work, how we manage our data, and how we integrate our IT systems. It might even lead to changes in our organisational structure.

Our online services make a vital and valued contribution to the work of our students and staff. I argue that with better integration, more consistent user interfaces, and shared data, this contribution could be significantly enhanced.

This practice is called “Enterprise Architecture”. I’ll describe how it consults multiple organisational units and defines a framework …

Service Excellence, Digital Transformation and Enterprise Architecture

Our University Secretary has sponsored a major review of the University’s administrative processes, coining the banner “Service Excellence”.  The aim is to look at the services we provide to staff and students with a fresh eye, making them more effective, more efficient, and focussed on the user rather than administrative convenience.

Our CIO is sponsoring a similar programme called “Digital Transformation”. This will replace old paper-based processes, starting with the question of what would processes look like if we designed them afresh for the modern connected world.  The aim is to make processes that are more focussed on the user and hence more effective and efficient.

Both of these ambitious programmes will need an effective enterprise architecture, if they are to succeed.  Digital Transformation is intrinsically about using opportunities provided by new technology to improve services and, as such, it requires effective technology services to make data available when needed, to pro…

Not so simple...

A common approach to explaining the benefits of Enterprise Architecture is to draw two diagrams: one that shows a complicated mess of interconnections, and one that shows a nicely layered set of blocks. Something like this one, which came from some consultants:


I've never felt entirely happy with this approach.  Yes, we do want to remove as much of the needless complexity and ad-hoc design that litters the existing architecture.  Yes, we do want to simplify the architecture and make it more consistent and intelligible.  But the simplicity of the block diagram shown here is unobtainable in the vast majority of real enterprises.  We have a mixture of in-house development and different third-party systems, some hosted in-house, some on cloud infrastructure and some accessed as software-as-a-service.  For all the talk of standards, vendors use different authentication systems, different integration systems, and different user interfaces.

So the simple block diagram is, basically, a l…