Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

TIIME 2018: Getting an "Astronomer" Attribute for LSST

(Jim Basney)

Jim: All astronomers in the US and Chile should have access to the data. Dealing with people who sign MMUs is standard progress but controlling the access for the whole country seems like a challenge. That’s something that the voPerson spec helps us for identity linking so we can also talk in depth and Ben and Scott can help out with that discussion. eduPerson spec defines our attributes that we get from our providers. Two attributes of particular interest are edu scope. A group called member that means persons with full set with basic privileges of a university. There is alternatively eduPersonEntitlement value. For an astronomer, they have to prove that they are an astronomer. Every IDP from US and Chile would have to be included in that.

Peter: We know that it doesn’t scale across large communities, they have their workflows and invitational emails. They rely that the auth provider that has never solved any of those problems. We had discussions when this started to get to this very simple thing and it’s not waterproof. The question was what is an academic institution and what isn’t and this isn’t a thing we can solve. If you can’t do that how about their departments of astronomy, how about those people, there is no proof to say that a person is a professional astronomer. The person that HR says is working in this dept, or local computer cleaning guy, even if they had that they are not able to differentiate between faculty and staff. They can’t say whether someone is a teacher or faculty.

Scott: It’s not water-tight but it’s good enough if you look at this use case, if you even get close it’s gonna be good enough. This is not about walls in between the people in Chile or US. I can be an astronomer that doesn’t have much experience but I could look at this data.

Niels: Why are you not in the MOU saying this has something to do with the faculty?

David: Isn’t this an AI problem? What is the risk that we are trying to address in this authorization scheme?

Jim: The reason is that LSST doesn’t want somebody outside of US and Chile to get free access to this data without subscribing. IPR problem. Astronomers around the world subscribe to access this data.

Matthew: So you know which institutions, right? Is it all institutions from US and Chile? Are Ugandan institutions there?

Niels: The policy says that you have to be academic and I know for a fact that there is an IDP there called ProtectNetwork which by definition is not academic in any way. What you are trying to do is what community calls a bona fide researcher. A definition of a combination of things that have to be remembered. Probably not what you want to use as a failing thing however it’s a good hint. If your institution is telling you so, you get a pass. You could do something like if your institution doesn’t provide identity, we can assess whether you are doing research on astronomy. Ultimately this is a policy for onboarding your members.

Peter: The membership is we make up our own members. As a member of this group you are still only allowed to access your data.

Niels: By having professional US astronomers join you already can’t have an attribute. You would curate a flow and if it says you are coming with this, this and this, if this is the thing then we would have to manually check you or someone has to vouch for you from the community.

Andrew: Why do you go to institutional IDPs, why don’t you use Open Badges? Open Badges is an academic credentials system. MIT is using blockchain for it.

Niels: There is another issue and that’s the availability of the information.

Andrew: It’s about giving assertions to individuals. But there is a consentive for astronomers and astronomy departments.

Niels: Open Badges is for this scenario too much focused on the educational side.

Open badges has the product. You could spin this into a scenario. An astronomy server can check this if it’s s

David: We had the same problem counting physicists. We have a list of them. If it’s a 100k then it’s a different scale.

Andrew: If there is an open or closed directory available that is based on membership fees… The only concept I am putting out here is if there is a directory you can use a number of methods to expose wrong identities.

Peter: Who is authorized to vouch for someone is very important. The authorized service is at the very far end of your initiative. Gather the sources that could have something.

Niels: This allows you to flip a question, for me to know who belongs to my community. Instead of saying who is inside of the community.

Jim: This combined will get you a member. Clarinet Elixir is a good example.

Niels: You could simply talk about the humanity community. It’s a clearly described document.

David: A bona fide is a more complex concept.

Niels: It’s just a way of doing membership onboarding and you guys need to come up with your version. The next thing I would suggest is what resources you could use, you could use academia. I don’t think that many institutions are serving faculty. That’s why academia has an easier time. In the Netherlands they don’t know who their researchers are.

Scott: It’s registered in the EU which means ¾ IDPs in US will not release attributes. You are not registered by InCommon. If you are not in InCommon you don’t get attributes.

Niels: I could easily do it in 5 minutes. Brazilians asked us if I could use together.

Matthew: So let’s run with his idea, why don’t you just make a data agreement with LinkedIn?

David: Is it someone doing research in astronomy or someone who is a professional? We will create a list of all authors that have published an astronomy paper.

Niels: Membership becomes a hypothesis. We could even have a null hypothesis.

Jim: If there is a LinkedIn endorsement for astronomers.

Peter: It would be the same as using regex in checking if someone is an astronomer.

Niels: You would need to be careful because you would get astrology as well.

Jim: It’s fast track or manual vetting?

Peter: Everything.

Niels: ORCID is accepted paper in a field.

Peter: It’s about the data not the authentication. It’s the publications.

David: The source of the publications is listed alongside the publication, same holds for the institution and you would need your source listed to it.

Jim: ORCID is a bit more authoritative.

Niels: The promise you should make is that you should promise that you can do the same thing with 80%.

David: On how many unis are these 4000?

Niels: We will try that in the Netherlands, the actual identity provider is just clueless in most institutions. If a researcher turns up at the door asking for archives, they would ask why

Niels: There was a person in each of these institutions that said yes we are going to commit, a signature under this MMU was signed under a level. This is the person that knows and this person should state membership.

Jim: The person that signs the MOU, we enrol them, they paid this amount of money.

Niels: You paid a zillion amount of money that gets you the ability to board so many people.

David: They must know who are the reviewers.

Jim: So 4000 astronomers, do we say a federated identity, we should just hire a full-time person that should invite those 4000 persons.

Niels: Here are the 5 methodologies that we can prove you are an astronomer by profession.

Jim: Do any of those criteria have anything to do with eduGAIN?

Niels: If you are only dealing with US and Chile I would do it with eduGAIN. Depends what you mean by help, will you get attributes from them? I don’t know.

Peter: They will not be your source. It’s just one of the many sources.

Niels: One of the questions that you could ask is how uncommon this is and is it actually made available from home. We would say that’s not a good idea in the Netherlands. In Chile maybe they would do it. You would maybe have a bit more leverage.

David: For the MOU members, you are going to create an LSST org attribute, can’t you just have another group in there that is American astronomers and Chilean astronomers but you could load it on request. These astronomers will want to know that they will have to get to the data.

Niels: There is no preloading. There is no list of these people.

David: If you want something more than a member it’s going to cost you so much. They would probably pick member as sufficient. You are paying the cost. It’s an implicit cost.

Niels: The institutions that didn’t sign the MOU caused the problems. How can you make them liable?

The Flipchart - https://imgur.com/G6kMAGf