About the Researcher Auth Service Initiative
The NIH is the largest biomedical research agency in the world and home to many valuable data resources and platforms at the forefront of data science. These resources are stewarded by the NIH Institutes, Centers, and Office. The National Institutes of Health (NIH) Researcher Auth Service (RAS) service is part of NIH’s efforts toward a modernized, FAIR, biomedical data ecosystem. RAS facilitates access to NIH’s open and controlled access data assets and repositories in a consistent, secure, and use-friendly manner and provides researchers with a single sign-on experience across participating data resources. This service is provided by the NIH’s Center for Information Technology and developed in collaboration with the NIH Strategic Plan for Data Science.
NIH RAS is advancing data infrastructure and ecosystem goals as defined in the NIH Strategic Plan for Data Science by leveraging appropriate policies that promote stewardship and sustainability, including the Global Alliance for Genomics and Health (GA4GH) and OpenID standards for integration of researcher-focused applications and data repositories over the OpenID Connect (OIDC) platform. By offering a cloud-based, centralized authentication, authorization, and audit logging service (see diagram), NIH RAS is enhancing the overall security posture of the NIH data ecosystem. With RAS, NIH-supported data systems delegate important identity and access controls to this central NIH service – NIH RAS. For researchers working in the NIH data ecosystem, NIH RAS provides a single sign-on (SSO) experience that enhances the user experience when searching for and accessing NIH’s open and controlled data assets.

Here are the identity providers (IdPs) NIH RAS currently offers for users to utilize through RAS as a broker to log in and access NIH data systems.
- NIH Login (Identity Assurance Level 1 and IAL2)
- eRA Commons with user roles and affiliations (IAL1)
- Login.gov (IAL1 and IAL2)
- InCommon Federation (options for various Identity Assurance Profiles are available with multi-factor authentication). Please see https://auth.nih.gov/docs/RAS/serviceofferings.html for more information.
- Google (IAL1); for authentication-only
- ID.me (IAL1 and IAL2)
These are some of the RAS features that help to both support NIH data science and enhance the security of the NIH data ecosystem:
- Authentication (AuthN) and Multi-factor Authentication (MFA)
- Researchers can easily prove their identity when logging in with multifactor authentication with different types of credentials, and NIH systems can meet security requirements for enhanced authentication.
- Authorization (AuthZ)
- A researcher will be able to securely access controlled data according to the permissions that they have been granted by NIH, within each data repository.
- Identity Linking
- RAS uses identity providers which increases security through higher levels of assurance to maintain simplicity and usability for RAS researchers. A researcher can use the capability of linking identities by allowing integrating identity providers the access to profile information and sharing of authorizations.
- Auditing, Logging and Monitoring
- Information about a researcher’s/collaborator’s access to data repositories will be tracked and logged in a standard, secure way to better protect staff, intellectual property, and human data.
NIH-supported systems interested in onboarding to the NIH RAS service should visit the NIH RAS Service Offerings website for more information and contact information.
NIH Data Systems Using NIH RAS in a Production Environment
Common Fund (CF)
|
Office of the Director (OD)
|
National Eye Institute (NEI)
|
National Cancer Institute (NCI)
|
National Institute on Aging (NIA)
|
Center for Information Technology (CIT)
|
National Human Genome Research Institute (NHGRI)
|
National institute of Neurological Disorders and Stroke (NINDS)
|
National Heart, Lung, and Blood Institute (NHLBI)
|
National Institute of Nursing Research (NINR)
|
National Institute of Child Health and Human Development (NICHD)
|
National Library of Medicine (NLM) National Center for Biotechnology Information (NCBI)
|
National Institute of Mental Health (NIMH)
|
Department of Defense, Military Traumatic Brain Injury Initiative (MTBI2)
|
National Center for Advancing Translational Sciences (NCATS)
|
National institute of Diabetes and Digestive and Kidney Diseases (NIDDK)
|
NIH Data Systems Actively Co-Developing a RAS Integration
National Institute of Drug Abuse (NIDA)
|
National Institute on Minority Health and Health Disparities (NIMHD)
|
National Institute of Environmental Health Services (NIEHS)
|
Office of the Director (OD) Common Fund (CF)
|
National Heart, Lung, and Blood Institute (NHLBI)
|
National institute of Diabetes and Digestive and Kidney Diseases (NIDDK)
|
Center for Information Technology (CIT)
|
National Cancer Institute (NCI)
|
National Institute of Allergy and Infectious Diseases (NIAID)
|
National Institute on Aging (NIA)
|
Milestones
August 2020 – Phase 2 Partner Development Workshop
With COVID-19 preventing travel and large gatherings, January workshop attendees joined a virtual workshop to hear Phase 1 partner system lessons learned, progress updates, and view demonstrations of the new researcher workflows facilitated by their RAS integrations. Phase 2 partner system developers described their integration use cases and technical requirements for RAS Phase 2, including an extension of RAS-federated identity providers, accounting linking, and user experience modifications. RAS Phase 2 features are scoped for code completion in early November so RAS can deploy updates before the end of the year.
National Institute of Environmental Health Sciences (NIEHS), National Center for Advancing Translational Sciences (NCATS), and National Institute of Allergy and Infectious Diseases (NIAID) attended the workshop as potential future RAS partners.
August 2020 – Phase 1 Production Release
NIH deployed a RAS-dbGaP Visa and associated services that allow researchers to log in to RAS one time to access any integrated repository and run an analysis for up to 15 days without re-authenticating. NIH staff or extramural researchers can log into integration systems/applications using their NIH or eRA Commons credentials. Auth tokens move with the researcher as they navigate to any of the four Phase 1 Data Platforms. Existing rules for authorization are enforced so a user can only access data they have been authorized to view.
RAS uses open standards and protocols and provides integrating systems with many standards-based options for integration.
January 2020 – Phase 1 Partner Development Workshop
The RAS team hosted a workshop at NIH to provide partners with an update on the current state of RAS and the identity and access data available in RAS. The workshop also provided participants an opportunity to agree on the design for each RAS integration use case (interoperability step-by-step, application-to-application) and define the data to be contained within the tokens.
In addition to the participating NIH ICs, the following organizations were present: University of Chicago, Gen3, Children’s Hospital of Philadelphia (CHOP), Broad Institute, Renaissance Computing Institute (RENCI), Seven Bridges, Globus, Johns Hopkins, University of Maryland, and Institute for Systems Biology (ISB).
Important progress was made toward finalizing the initial architecture for Phase 1 of RAS-IC System integration use cases (CRDC/AnVIL, KFDRC/BioData Catalyst), and discussions were initiated for Phase 2 integrations (NDA, AoU, CFDE, NCBI). RAS also gathered requirements for security, technical research spikes, the first RAS-dbGaP Visa (based on GA4GH standards (link is external)), and longer-term requirements.
October 2019 – Globus-eRA Integration
NIH staff and extramural researchers with an electronic Research Administration (eRA) Commons account can now use those credentials with Globus to access resources and services. This integration is the result of a partnership between the NIH CIT and Globus, a division of the University of Chicago that provides data management capabilities—including managed data transfer and sharing—to research organizations.
When a researcher visits Globus, he or she will be able to login using eRA Commons credentials thanks to the OpenID Connect protocol. This new NIH capability provides greater flexibility and can be rapidly adopted and extended to support other integration partners in the future.