2. Application of Assent in the Safe
Share project
John Ainsworth
john.ainsworth@manchester.ac.uk
24 March 2015
Networkshop44
3. “Diseases are more easily prevented than cured and the first
step to their prevention is the discovery of their exciting
causes.”
William Farr
"On the Construction of Life-Tables, Illustrated by a New
Life-Table of the Healthy Districts of England," Philosophical
Transactions 149, pt. 2 (1859) 837-78
Who is Farr?
30 November 1807 – 14 April 1883
4. • Create a physical and electronic infrastructure to support and accelerate the Centres’
collaborative work
• Support partnerships by providing a physical structure to co-locate NHS
organisations, industry, and other UK academic centres
• Facilitate collaboration, the sharing of datasets, and the adoption of common
standards
• Develop new opportunities for future data linkage at scale
Aims of the Farr
6. • June 2013; Established eInfrastructure and buildings for 4 Farr nodes, following the
Health Informatics Research Centre funding (MRC)
• November 2013; Created a new Administrative Data Research Network and 4
national Centres (ESRC)
• February 2014; 3 ESRC business and local government data research centres
• April 2014; MRC funding for 6 Medical Bioinformatics projects, mostly capital for
eInfrastructure
• July 2014; MRC funding for Genomics England infrastructure
Progress so far
10. • Assent uses the technology developed through our Moonshot project to enable single-sign on capability
within, across and between organisations, where secure communication is ensured
• Benefits
– More applications and services can be accessed via a federated identity
– Lower operational cost
– Built on existing RADIUS and SAML based technologies
• Features
– Simplified sign-on
– Flexible deployment models
– Minimal ongoing management
Assent
11. • A pilot project enabling the secure exchange of data collected by Government and the NHS using
encrypted overlay over the Janet network to facilitate appropriate analysis between project sites
• Objective: to further knowledge of diseases and ill health to improve medical treatments in the
long-term
• Institutions: University of Bristol, Cardiff University, University of Edinburgh, Francis Crick Institute,
University of Leeds, UCL, University of Manchester, University of Oxford, University of St Andrews,
University of Southampton, Swansea University
• Partners: The Farr Institute, The MRC Medical Bioinformatics initiative and The Administrative Data
Research Network
• Running from November 2014 – March 2017
The safe share project
12. Background
• Substantial investment in medical and administrative data research to generate benefits to society from the
appropriate analysis of data collected by Government and the NHS
• E.g. to further knowledge e.g. of disease and ill health to improve medical treatments
Challenges
• Health data, and other routinely collected data on people’s lives, are very personal and sensitive
• Significant numbers of ethical, consensual and practical hurdles to making appropriate use of the sensitive
data for research
The safe share project
13. Drivers
• Requirement for connectivity to move and access electronic health data securely
• Challenge to give public confidence that data is appropriately protected
• Provide economies of scale in secure connectivity
The safe share project
• Jisc management and funding of £960k to pilot potential solutions with the aim of developing a service in
2016/17
• Project being run in two parts
The safe share project
14. 1. Secure connectivity with a higher assurance network (HAN)
Use Cases:
• Inter-Farr – initial trial between Farr facilities at Manchester and Leeds
• Intra-Farr – to support the ALSPAC project between Swansea and Bristol
• ADRC / Farr Pod to Data Centre – connectivity between accredited secure rooms that can be connected to
ADRC data centres for remote working (led by University of Southampton)
The safe share project
15. 2. Authentication, Authorisation and Accounting Infrastructure (AAAI)
Use Cases:
• University of Oxford: to enable researchers to use home institution credentials for authentication to request
access to datasets for studies e.g. into dementia
• HeRC, N8 HPC – access between facilities using home institution credentials
• eMedLab – partners will be able to use a common AAAI to access this new system (for analysis of for
instance human genome data, medical images, clinical, psychological and social data)
• Swansea University Health Informatics Group – investigating Moonshot as an
authentication mechanism to allow use of home institution credentials
The safe share project
16. Partners
The Farr Institute
The MRC Medical Bioinformatics initiative
The Administrative Data Research Network
The safe share project
Pilot institutions
University of Bristol Cardiff University University of Edinburgh
Francis Crick Institute University of Leeds UCL
University of Manchester University of Oxford University of St Andrews
University of Southampton Swansea University
17. Benefits
• Reduction in duplication of effort as a solution is needed by everyone
• Avoidance of potential competing incompatible solutions in different centres
• Support for RCUK and Government strategies for research with sensitive data
• Co-ordinated partnership that can help support UK research into disease and public
health
• Improved knowledge and a scalable solution providing benefits for other members of
the community
The safe share project
18. What is in it for Pilot sites?
• “Anchor tenants” for the trusted club of research centres for using sensitive data in a secure way across
the UK
• Demonstrating the commitment to work as part of a virtual organisation such as the Farr Institute or
ADRN
• Creating and influencing e-infrastructure standard approaches that funders and researchers understand
and that have external verification
• Improved potential for economies of scale in the e-infrastructure for research and re-usability between
different projects
• Opportunity for visibility as thought leaders and champions for
e-infrastructures for research
The safe share project
19. Achievements
• Built collaboration of interested parties that generated the proposal
• Proposal agreed and funded by Jisc (£960k)
• Project initiated with Project Board governance, pilot projects agreed
• Engaged with Cabinet Office on the approach used
• Project team in place
• Identified the security requirements of the different use cases in the pilots
• Technical architecture and approach agreed
• Equipment purchased
• Higher Assurance Network core and first pilot site implemented
The safe share project
20. • The safe share service will allow the secure exchange of data between project sites, via an encrypted
overlay over existing networking infrastructure for example over the Janet network or the internet. Two
core nodes will be established in the Jisc shared data centre at Slough. The data centre is connected
directly to the Janet core with diverse fibre routes currently at 100Gbit/s
• The operation of the safe share service will be undertaken within certified ISO 27001 and ISO 9001
frameworks. The encrypted overlay will be constructed using IPsec tunnels in close alignment to CESG's
PRIME framework and implemented on Juniper’s SRX platform
• The service will operate a number of overlay networks which will allow different Information governance
domains, this will allow us to operate many different secure networks which have differing requirements
The safe share project: HAN design overview
22. HPC Pilot:
• Manchester and Leeds deploying the Moonshot infrastructure, looking to test in April
Swansea University:
• Changed to looking at the use of Assent as part of the Open Stack infrastructure for the Cloud Infrastructure for Microbial
Genomics (CLIMB) project with Universities of Cardiff, Birmingham and Warwick. Further planning with the CLIMB pilot
once the technical work has been done on Moonshot to work with the CLIMB operating system for OpenStack.
eMedLab:
• Technical workshop in November to investigate requirements
• eMedLab is working to get into a production-ready state this year and will then look to pilot use of Assent
University of Oxford:
• No updates as they are looking to learn from the other pilots first
Updates on Safe Share AAAI
23. • OpenStack is increasingly important to e-infrastructure groups
• Looks like various components of OpenStack should/may work fine with Assent and the UK federation
(thanks to the work from University of Kent)
• Jisc engaging with international community on moving AAAI forwards in OpenStack, and the safe share
AAAI pilots will be a good opportunity to test this out in the real world
OpenStack
24. • Enabling the secure exchange of data collected by Government and the NHS using encrypted
overlay over the Janet network to facilitate appropriate analysis between project sites
• Working together to further knowledge of diseases and ill health to improve medical treatments in
the long-term
• Running from November 2014 – March 2017
Find out more:
• https://jisc.ac.uk/rd/projects/safe-share
• https://community.jisc.ac.uk/groups/safe-share-project
• #jiscsafeshare
The safe share project