...
response | signature | request | description |
|---|---|---|---|
StoredCondition | POST /condition | StoredCondition | Create a new StoredCondition immutable Condition. If an exact copy of the provided condition already exists, then the existing StoredCondition will be returned. |
StoredCondition | GET /condition/{id} | Get an existing StoredCondition via its ID. | |
Paginated<StoredCondition> | PUT /condition/list | TBD | Paginated list of conditions based on user’s filters/sorting (TBD) |
Table 1. Conditions API.
Note: By making conditions immutable, user can be assured that it is safe to reuse them in multiple passport AR. If conditions were to be mutable, it would be difficult for users to predict the impact any changes would have across the system.
...
It is important to note that the new PassportAccessRequirement does not inherit any functionality directly from existing ARs (ManagedACTAccessRequirement, SelfSignAccessRequirement, LockAccessRequirement, TermsOfUseAccessRequirement). The new PassportAccessRequirement is intended to supplement, but not replace any of the existing ARS. To achieve this goal, Synapse will issue a visa, to a user, for each traditional AR that they have been grated an approval. In the next section we will cover all of the types of visas that Synapse will issue.
...
Group One - Researchers that have already demonstrated IRB approval to an affiliated institution.
Group Two - Individual researchers that have IRB approval but do not belong to an an affiliated institution.
For this use case we would like to setup an access requirement such that the affiliated institution can automatically confirm IRB approval (for group one) or Sage ACT can manually confirm IRB approval (for group two).
...
At this point we have two possible GA4GH visa that both demonstrate the bearer has IRB approval to access a specific dataset. Therefore, we will need to create two visa conditions, one for each, the to define we expect to match:
...
Most Synapse users will use utilize one of the many Synapse web UIs at some point. However, there is a class of Synapse users that depend on one of the programmatic clients for their Synapse interactions. This is especially true for Synapse users that write/depend on scripts for automation. However, the GA4GH visa specification is an extension of the OIDC Connect specification with a typical “log in” flow that involves redirecting a browser between various web pages. Since the programmatic clients do not have web pages, an alternate means of authentication is needed.
...