Researcher Auth Service Initiative

About the Researcher Auth Service Initiative

The NIH is the largest biomedical research agency in the world and home to many valuable data resources and platforms at the forefront of data science for data research. These resources are currently located in separate systems with each system requiring a separate login even if it uses the same credentials as another system.

Because these resources are currently siloed, researchers must manage multiple credentials when attempting to access multiple NIH-funded data platforms while conducting their research. Researchers are unable to move from system to system using one set of credentials, which causes delays in accessing information and completing full research exercises.

To reduce the burden on researchers’ access to data, the Researcher Auth Service (RAS) is a service provided by NIH's Center for Information Technology (CIT) to facilitate access to NIH’s open and controlled data assets and repositories in a consistent and user-friendly manner. The RAS initiative is advancing data infrastructure and ecosystem goals defined in the NIH Strategic Plan for Data Science.

NIH Researcher Auth Service: Key Service Areas - Authentication, Authorization, Auditing
NIH Researcher Auth Service: Key Service Areas

Using human-centered design principles, RAS will combine input from researchers and the work of partner institutions on the initiative to design a user experience that reduces points of friction throughout the process (e.g., eliminating or reducing the need for researchers to have to furnish distinct/multiple credentials).

Security is another driving factor for the RAS services; increased protection of intellectual resources through automated logging of data access will facilitate easier investigation and activity tracing in the event of a cyber security incident.

The service offerings explains the authentication, authorization, and logging services available to NIH Institutes and Centers and extramural systems desiring information about users requesting to access NIH’s open and controlled data assets and repositories through RAS.

about

RAS in 2020

A researcher accessing NIH data resources can log in with eRA Commons, NIH, or Login.gov credentials. 

Participating NIH Systems:

  • Common Fund: Gabriella Miller Kids First Pediatric Data Resource Center (KFDRC), Common Fund Data Ecosystem (CFDE)
  • National Center for Biotechnology Information: Database of Genotypes and Phenotypes (dbGaP)
  • National Human Genome Research Institute: Genomic Data Science Analysis, Visualization, and Informatics Lab-space (AnVIL)
  • National Cancer Institute: Cancer Research Data Commons (CRDC)
  • National Heart, Lung, and Blood Institute: BioData Catalyst (formerly DataSTAGE)
  • Office of the Director: All of Us (AoU)
  • National Institute of Mental Health: National Institute of Mental Health Data Archive (NDA)
Conceptual overview of the first iteration of the NIH Researcher Auth Services initiative, which provides researchers with streamlined access to authorized systems
NIH Researcher Auth Service 1.0: Conceptual Overview

 

ras2020

Milestones

August 2020 – Phase 2 Partner Development Workshop

Screenshot of attendee virtually participating in the August 2020 – Phase 2 Partner Development Workshop

With COVID-19 preventing travel and large gatherings, January workshop attendees joined a virtual workshop to hear Phase 1 partner system lessons learned, progress updates, and view demonstrations of the new researcher workflows facilitated by their RAS integrations. Phase 2 partner system developers described their integration use cases and technical requirements for RAS Phase 2, including an extension of RAS-federated identity providers, accounting linking, and user experience modifications. RAS Phase 2 features are scoped for code completion in early November so RAS can deploy updates before the end of the year.

National Institute of Environmental Health Sciences (NIEHS), National Center for Advancing Translational Sciences (NCATS), and National Institute of Allergy and Infectious Diseases (NIAID) attended the workshop as potential future RAS partners.

August 2020 – Phase 1 Production Release

NIH deployed a RAS-dbGaP Visa and associated services that allow researchers to log in to RAS one time to access any integrated repository and run an analysis for up to 15 days without re-authenticating. NIH staff or extramural researchers can log into integration systems/applications using their NIH or eRA Commons credentials. Auth tokens move with the researcher as they navigate to any of the four Phase 1 Data Platforms. Existing rules for authorization are enforced so a user can only access data they have been authorized to view.

RAS uses open standards and protocols and provides integrating systems with many standards-based options for integration.

January 2020 – Phase 1 Partner Development Workshop

January 2020 Workshop attendees gathered around a table

The RAS team hosted a workshop at NIH to provide partners with an update on the current state of RAS and the identity and access data available in RAS. The workshop also provided participants an opportunity to agree on the design for each RAS integration use case (interoperability step-by-step, application-to-application) and define the data to be contained within the tokens.

In addition to the participating NIH ICs, the following organizations were present: University of Chicago, Gen3, Children’s Hospital of Philadelphia (CHOP), Broad Institute, Renaissance Computing Institute (RENCI), Seven Bridges, Globus, Johns Hopkins, University of Maryland, and Institute for Systems Biology (ISB).

Important progress was made toward finalizing the initial architecture for Phase 1 of RAS-IC System integration use cases (CRDC/AnVIL, KFDRC/BioData Catalyst), and discussions were initiated for Phase 2 integrations (NDA, AoU, CFDE, NCBI). RAS also gathered requirements for security, technical research spikes, the first RAS-dbGaP Visa (based on GA4GH standards), and longer-term requirements.

October 2019 Globus-eRA Integration

NIH staff and extramural researchers with an electronic Research Administration (eRA) Commons account can now use those credentials with Globus to access resources and services. This integration is the result of a partnership between the NIH CIT and Globus, a division of the University of Chicago that provides data management capabilities—including managed data transfer and sharing—to research organizations.

When a researcher visits Globus, he or she will be able to login using eRA Commons credentials thanks to the OpenID Connect protocol. This new NIH capability provides greater flexibility and can be rapidly adopted and extended to support other integration partners in the future.

milestones

This page last reviewed on October 5, 2020