Security #90

Closed
stevencox opened this issue Sep 11, 2017 · 5 comments

Comments

@stevencox
Collaborator

stevencox commented Sep 11, 2017

Develop a technical architecture roadmap for securing Translator services. Working with Identity team at UNC on ways to secure clinical data via Shibboleth. First meeting held last week. We're doing independent research for a few days and will get back together soon. So far, we have not been able to identify a solution that gets us a working prototype in October.

@stevencox
Collaborator Author

Notional initial prototype developed. This repository includes a Jupyter notebook that

  • Implements a Python web server intended to serve as a SAML SP endpoint
  • The hope is to interact with the IdP to get SAML credentials and proxy these to services

A VM, translator.renci.org, has been provisioned to host the prototype.

Configuration involves:

  • Go to TestShib and follow the general steps.
    • Note, Apache with Shibboleth for the SP has been installed

Integration with the UNC test IdP includes registration of a test Onyen.

@rayi113 is investigating getting a person who can interact with UNC Identity management folks to complete the steps to integrate with the UNC test IdP.

@stevencox
Collaborator Author

At the hackathon, we moved on from the idea of protecting web services with SAML for real patient data. We concluded that real patient data is different and we'll use traditional, human-in-the-loop approaches. So the Shibboleth implementation is tabled.

In the meantime, we are moving ahead with a somewhat complex plan that includes:

  • Turning the current Tweetsie machine into a compute machine for endotype classification work.
  • Developing new virtual machines to serve the existing de-identified HuSH+ data

@stevencox
Collaborator Author

Tweetsie migration is handled in #96.
The broader security question for patient data is resolved.

@stevencox
Collaborator Author

Getting legal attestation that RENCI is part of the same covered entity as UNC in response to Ken Langley's request late last week.

@stevencox
Collaborator Author

Approach supplanted by clinical feature vectors and evidence-based regrouping.

4 participants