This document discusses challenges with sharing sensitive research data and potential solutions. It notes that while there are hundreds of trusted research environments (TREs) in the EU, they do not allow for easy transnational or transdisciplinary analysis of sensitive data due to issues like different standards, types of TREs, and legal/data governance misalignments between data providers. Potential solutions proposed include developing an interoperable ecosystem of TREs with common standards, executing research workflows across data providers, researchers and TREs, and providing guidance on legal harmonization. The document provides examples where limited transnational data analysis is currently an issue and suggests scalable cloud TRE solutions. It outlines the roles of various stakeholders and technical requirements for such
12. Researcher perspective: KvK
“To what extent does the proportion of
part-time employees affect firm closure?”
● Combine it with my own data
● Play (Tinker with the data)
● Specific characteristics of the
combined data determine
consequent analytical steps.
● Use R, Python
Foto: BG Legal
13. Complete control over the data
● Data cannot leave environment
● Research purpose
● Pseudonymised data
● Review any output
● Trust the research software
● Data upload not allowed
Data provider perspective: KvK
Foto: BG Legal
17. Issues (1/)
● 100s TREs in EU and sufficient investments by data providers
● BUT… TREs hardly allow for the transnational or transdisciplinary analysis of
sensitive data
●
18. Issues (2/)
● 100s TREs in EU and sufficient investments by data providers
● BUT… TREs hardly allow for the transnational or transdisciplinary analysis of
sensitive data
● Data providers
Data governance misalignments Capacity to deliver safeguards
19. Issues (3/)
● TRE providers: not interoperable
○ No consolidation of standards
■ AAI, software, trusted data classification, payment method…
○ Many different TRE types
■ Locally vs. Cloud solutions
■ (Un)guarded solutions
■ Physical solutions
SRAM
27. Solutions
● Technology
○ Federated, transdisciplinary, and transnational ecosystem of trusted research environments
● Trust
○ Executing research workflows with sensitive data providers + researchers + TRE(s)
● Data governance
○ Guidance in tackling legal misalignments
Interconnected workstreams.
29. Introduction
Manager SURF Research Cloud
Services:
• SURF Research Cloud
• SURF HPC Cloud
Projects:
• Secure ANalyses Environment (SANE) project
• Social Science and Humanities Open Cloud (SSHOC-NL)
• EOSC Future: European Environment for Scientific Software Installation
• E-Ecology project
• SURF Container Orchestration project
• X-omics project
E-mail: Ivar.Janmaat@surf.nl
Telephone number: +31 (0) 6 3867 8601
Ivar Janmaat
30. Who can provide what?
• Dataprovider
• Provides data
• No research infrastructure.
• Research Institution (University, UMC, Applied Sciences, Research)
• Provides funding, Local institute research infrastructure
• No (inter) national research infrastructure.
• SURF
• Provides national research infrastructure connection to international
infrastructures
• No direct access for foreign researchers to national infrastructure.
30
31. Technical requirements
• EU/Global Identity
• SURF Research Access Management (SRAM)
• Other Authentication and authorization infrastructures (AAI)
• EUDIW EU Digital Identity Wallet
• Authorization based on funding
• E-infra (National envelopes for Dutch researchers)
• SURF credits (RCCS contracts)
• National envelopes for international researchers
• NOBID (Nordic-Baltic eID)
31
32. Technical requirements
• Data classification and access
• Data Access Commission (DAC)
• ODISSEI data portal
• Passport / Visa (Global Alliance for Genomics and Health; GA4GH)
• Trusted infrastructure
• Network isolation, virtual networks (Enclaves)
• Confidential VM, Hardware isolation and validating (Attestation)
• Confidential jobs
• Zero-trust: only access to things that is allowed (Boundary)
• Key management
32
33. Technical requirements
• Trusted software
• Catalog items version
• Signed software (ID)
• Hashed images
• Audit logging
• What to report to dataprovider
• What to report to NREN (hosting company)
• What to report to institutions
• What to report to researchers
33
35. Tasks in the technical workpackages
• Collecting technical and organisational requirements from data providers &
researchers
• Developing a TRE interoperability framework
• Implementing building blocks of the TREs
• Building a number of off-the-shelf, trusted research environment configurations
• Aligning with EOSC standards and best practices
• Exploring industrial involvement: GAIA-X, Data Spaces, and EOSC-DIH
• Extending of the EOSC Interoperability Framework with the TRE interoperability
framework and TRE reference architecture
35
36. 36
23 May 2023
Lucas van der Meer & Ivar Janmaat
TruSSD:
Trust in Sharing
Sensitive Data
…and many
others