CORBEL Prototype implementation of distributed automated data access request, review and authorization and delivery systems

This deliverable describes research infrastructures’ prototypes for granting a researcher an authorisation to access research data encouraging secondary use of data that is already collected. This deliverable further describes prototypes for delivering the decision on the granted access rights to the environment that enforces access control. The goal of this deliverable is to document and disseminate existing approaches in contributing research infrastructures.

The main use case in this deliverable is that data access requires authorisation because of its sensitive nature, for instance, if it involves samples from humans. Alternatively, it is possible that the data per se is not sensitive and suited to become public but cannot be shared pending the publication of the research results or filing a patent application. These two use cases are complementary and can be covered by the same technical approaches.

Since this deliverable focuses on accessing research data, access to other kinds of assets (such as, instruments, biological samples and computing capacity) is out of scope. Transfer of research data between datacentres (including legal considerations of cross-national transfers) is also not covered in this deliverable.

This deliverable first presents the key concepts, then previous work in life sciences and beyond as well as within relevant standards bodies (in particular, Global Alliance for Genomics and Health). Finally eight prototype implementations are presented from the contributing research infrastructures, including ELIXIR services for registered and controlled access, BBMRI-ERIC’s Colorectal cancer cohort and Negotiator, EGA’s work on DUO, BBMRI-NL Podium, SOLVE-RD Analysis Sandbox and LifeCycle Federated cohort analysis using DataShield. Before data access authorisation and delivery can be carried out, a researcher needs to be identified and their identity authenticated to a sufficient level of assurance. Existing approaches to researcher authentication are described here to the extent necessary for data access authorisation.