...

| response | signature | request | description |
|---|---|---|---|
| StoredCondition | POST /condition | StoredCondition | Create a new immutable StoredCondition. If an exact copy of the provided condition already exists, then the existing StoredCondition will be returned. |
| StoredCondition | GET /condition/{id} | | Get an existing StoredCondition via its ID. |
| Paginated<StoredCondition> | PUT /condition/list | TBD | Paginated list of conditions based on user’s filters/sorting (TBD) |

Table 1. Conditions API.

Note: By making conditions immutable, users can be assured that it is safe to reuse them in multiple passport ARs. If conditions were mutable, it would be difficult for users to predict the impact any change would have across the system.

...

It is important to note that the new PassportAccessRequirement does not inherit any functionality directly from existing ARs (ManagedACTAccessRequirement, SelfSignAccessRequirement, LockAccessRequirement, TermsOfUseAccessRequirement). The new PassportAccessRequirement is intended to supplement, but not replace, any of the existing ARs. To achieve this goal, Synapse will issue a visa to a user for each traditional AR for which they have been granted an approval. In the next section we will cover all of the types of visas that Synapse will issue.

...

Currently the main tool used by ACT for data access management is the ManagedACTAccessRequirement. For example, consider the case where ACT determines that Institutional Review Board (IRB) approval is required to access a dataset. To set this up, a member of the ACT would create a ManagedACTAccessRequirement with isIRBApprovalRequired=true and then bind it to the dataset. Once bound, anyone that wishes to download the dataset must first demonstrate they have “met” the bound access requirement. For this case, a data consumer would need to submit proof of IRB approval to ACT. A member of ACT would then grant an approval for valid submissions. Such an approval means the data consumer has “met” the IRB approval access requirement.

...

  • Group One - Researchers that have already demonstrated IRB approval to an affiliated institution.

  • Group Two - Individual researchers that have IRB approval but do not belong to an affiliated institution.

...

At this point we have two possible GA4GH visas that both demonstrate the bearer has IRB approval to access a specific dataset. Therefore, we will need to create two visa conditions, one for each, to define what we expect to match:

```json
{
	"id": "12",
	"name":"Affiliate IRB approval",
	"type":"ControlledAccessGrants",
	"value":{
		"match-type":"pattern",
		"match-value":"https://some.institution.org/irb/approval/*/datasetstudy/456"
	},
	"source":{
		"match-type":"const",
		"match-value":"https://some.institution.org"
	},
	"by":"dac"
}
```
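
The following is an added example, not part of the original design or of Synapse's code: one way to evaluate the condition above against a visa claim. The page does not define `pattern` semantics, so the example assumes `*` matches exactly one non-empty path segment and that the whole value must match; the function names and the sample visa claims are constructed for illustration.

```python
import re

# The visa condition shown on the page (id 12).
CONDITION = {
    "id": "12",
    "name": "Affiliate IRB approval",
    "type": "ControlledAccessGrants",
    "value": {"match-type": "pattern",
              "match-value": "https://some.institution.org/irb/approval/*/datasetstudy/456"},
    "source": {"match-type": "const", "match-value": "https://some.institution.org"},
    "by": "dac",
}

def _matches(rule, claim):
    """Apply one match rule to a single visa claim string."""
    if not isinstance(claim, str):
        return False
    kind, expected = rule["match-type"], rule["match-value"]
    if kind == "const":
        return claim == expected
    if kind == "pattern":
        # Assumption: '*' stands for exactly one non-empty path segment.
        # Literal parts are escaped and the whole claim must match, so a
        # wildcard can never absorb extra '/'-separated segments.
        regex = "[^/]+".join(re.escape(part) for part in expected.split("*"))
        return re.fullmatch(regex, claim) is not None
    raise ValueError(f"unsupported match-type: {kind!r}")

def visa_meets_condition(condition, visa):
    """True only if every field of the condition is satisfied by the visa."""
    return (visa.get("type") == condition["type"]
            and visa.get("by") == condition["by"]
            and _matches(condition["value"], visa.get("value"))
            and _matches(condition["source"], visa.get("source")))

# Constructed visa claim objects; signature and expiry checks are out of scope.
GOOD = {"type": "ControlledAccessGrants", "by": "dac",
        "source": "https://some.institution.org",
        "value": "https://some.institution.org/irb/approval/789/datasetstudy/456"}
OTHER_DATASET = dict(GOOD, value="https://some.institution.org/irb/approval/789/datasetstudy/4567")
EXTRA_SEGMENTS = dict(GOOD, value="https://some.institution.org/irb/approval/7/datasetstudy/9/datasetstudy/456")
WRONG_SOURCE = dict(GOOD, source="https://some.institution.org.example")

if __name__ == "__main__":
    for name, visa in [("good", GOOD), ("other dataset", OTHER_DATASET),
                       ("extra segments", EXTRA_SEGMENTS), ("wrong source", WRONG_SOURCE)]:
        print(name, visa_meets_condition(CONDITION, visa))
```

A glob matcher whose `*` also matches `/` would accept the `EXTRA_SEGMENTS` visa, which names a different dataset earlier in the path; the segment-bounded, fully anchored match rejects it.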

...

Most Synapse users will use one of the many Synapse web UIs at some point. However, there is a class of Synapse users that depend on one of the programmatic clients for their Synapse interactions. This is especially true for Synapse users that write or depend on scripts for automation. However, the GA4GH visa specification is an extension of the OpenID Connect (OIDC) specification, with a typical “log in” flow that involves redirecting a browser between various web pages. Since the programmatic clients do not have web pages, an alternate means of authentication is needed.

...