Researcher Auth Service Initiative

About the Researcher Auth Service Initiative

The NIH is the largest biomedical research agency in the world and home to many valuable data resources and platforms at the forefront of data science. These resources are stewarded by the NIH Institutes, Centers, and Offices. The National Institutes of Health (NIH) Researcher Auth Service (RAS) is part of NIH’s efforts toward a modernized, FAIR, biomedical data ecosystem. RAS facilitates access to NIH’s open and controlled access data assets and repositories in a consistent, secure, and user-friendly manner and provides researchers with a single sign-on experience across participating data resources. This service is provided by the NIH’s Center for Information Technology and developed in collaboration with the NIH Strategic Plan for Data Science.

NIH RAS is advancing data infrastructure and ecosystem goals as defined in the NIH Strategic Plan for Data Science by leveraging appropriate policies that promote stewardship and sustainability, including the Global Alliance for Genomics and Health (GA4GH) and OpenID standards for integration of researcher-focused applications and data repositories over the OpenID Connect (OIDC) platform. By offering a cloud-based, centralized authentication, authorization, and audit logging service (see diagram), NIH RAS is enhancing the overall security posture of the NIH data ecosystem. With RAS, NIH-supported data systems delegate important identity and access controls to this central NIH service – NIH RAS. For researchers working in the NIH data ecosystem, NIH RAS provides a single sign-on (SSO) experience that enhances the user experience when searching for and accessing NIH’s open and controlled data assets.

Conceptual overview of the first iteration of the NIH Researcher Auth Services initiative, which provides researchers with streamlined access to authorized systems

NIH RAS, acting as a broker, currently offers the following identity providers (IdPs) that users can log in with to access NIH data systems:

  1. NIH Login (Identity Assurance Level 1 (IAL1) and IAL2)
  2. eRA Commons with user roles and affiliations (IAL1)
  3. Login.gov (IAL1 and IAL2)
  4. InCommon Federation (options for various Identity Assurance Profiles are available with multi-factor authentication). Please see https://auth.nih.gov/docs/RAS/serviceofferings.html for more information.
  5. Google (IAL1); for authentication only
  6. ID.me (IAL1 and IAL2)

These are some of the RAS features that help to both support NIH data science and enhance the security of the NIH data ecosystem:

  • Authentication (AuthN) and Multi-factor Authentication (MFA)
    • Researchers can easily prove their identity when logging in with multi-factor authentication using different types of credentials, and NIH systems can meet security requirements for enhanced authentication.
  • Authorization (AuthZ)
    • A researcher will be able to securely access controlled data according to the permissions that they have been granted by NIH, within each data repository.
  • Identity Linking
    • RAS uses identity providers, which increases security through higher levels of assurance while maintaining simplicity and usability for RAS researchers. A researcher can link identities by allowing integrating identity providers access to profile information and the sharing of authorizations.
  • Auditing, Logging and Monitoring
    • Information about a researcher’s/collaborator’s access to data repositories will be tracked and logged in a standard, secure way to better protect staff, intellectual property, and human data.

NIH-supported systems interested in onboarding to the NIH RAS service should visit the NIH RAS Service Offerings website for more information and contact information.

 

NIH Data Systems Using NIH RAS in a Production Environment

Common Fund (CF)

  • Common Fund Data Ecosystem (CFDC) Portal
  • Gabriella Miller Kids First Pediatric Data Resource Center
  • Gabriella Miller Kids First Pediatric Data Resource Center Undiagnosed Diseases Network (UDN) Interoperability

Office of the Director (OD)

  • All of Us (AoU) Researcher Workbench
  • All of Us (AoU) ID.me Partial RAS
  • NIH COVID Rapid Acceleration Diagnostics (RADx) Data Hub 1.0
  • NIH COVID Rapid Acceleration Diagnostics (RADx) Data Hub 3.0

National Eye Institute (NEI)

  • EyeGENE, an instance of Biomedical Research Informatics Computing Systems (BRICS)

National Cancer Institute (NCI) 

  • Cancer Research Data Commons (CRDC)

National Institute on Aging (NIA)

  • An instance of Biomedical Research Informatics Computing Systems (BRICS)
  • NIA Genetics of Alzheimer’s Disease Data Storage Site (NIA NIAGADS) ADDAPT Cloud Commons

Center for Information Technology (CIT)

  • An instance of Biomedical Research Informatics Computing Systems (BRICS)

National Human Genome Research Institute (NHGRI)

  • Genomic Data Science Analysis, Visualization and Informatics Lab-space (AnVIL)

National Institute of Neurological Disorders and Stroke (NINDS)

  • Federal Interagency Traumatic Brain Injury Research (FITBIR), an instance of Biomedical Research Informatics Computing Systems (BRICS)
  • Global Unique Identifier (GUID), an instance of Biomedical Research Informatics Computing Systems (BRICS)
  • Parkinson's Disease Biomarker Program (PDBP), an instance of Biomedical Research Informatics Computing Systems (BRICS)
  • Clinical Informatics System for Trials and Research (CiSTAR), an instance of Biomedical Research Informatics Computing Systems (BRICS)

National Heart, Lung, and Blood Institute (NHLBI)

  • BioData Catalyst (BDC)
  • INvestigation of Co-occurring conditions across the Lifespan to Understand Down syndromE (INCLUDE)

National Institute of Nursing Research (NINR)

  • Common Data Repository for Nursing Science (cdRNS), an instance of Biomedical Research Informatics Computing Systems (BRICS)

National Institute of Child Health and Human Development (NICHD)

  • Data and Specimen Hub (DASH)

National Library of Medicine (NLM) National Center for Biotechnology Information (NCBI)

  • Database of Genotypes and Phenotypes (dbGaP) Power User Portal (PUP)

National Institute of Mental Health (NIMH)

  • NIMH Data Archive (NDA)

Department of Defense, Military Traumatic Brain Injury Initiative (MTBI2)

  • Informatics Data Repository (Repo), an instance of Biomedical Research Informatics Computing Systems (BRICS)
  • Collection Access Sharing & Analytics (CASA), an instance of Biomedical Research Informatics Computing Systems (BRICS)

National Center for Advancing Translational Sciences (NCATS)

  • Genetic and Rare Diseases Information Center (GRDR), an instance of Biomedical Research Informatics Computing Systems (BRICS)

National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK)

  • Global Unique Identifier (GUID), an instance of Biomedical Research Informatics Computing Systems (BRICS)

NIH Data Systems Actively Co-Developing a RAS Integration

National Institute on Drug Abuse (NIDA)

  • Brain Data Platform

National Institute on Minority Health and Health Disparities (NIMHD)

  • Data Platform Science Collaborative for Health Disparities and Artificial Intelligence Bias Reduction (ScHARE)

National Institute of Environmental Health Sciences (NIEHS)

  • CHORDS Health Data Catalog

Office of the Director (OD) Common Fund (CF)

  • The Human Biomolecular Atlas Program (HuBMAP) Data Portal
  • 4D Nucleome (4DN)
  • Bridge2AI Fairhub
  • Somatic Mosaicism across Human Tissues (SMaHT)

National Heart, Lung, and Blood Institute (NHLBI)

  • Pediatric Cardiac Genomics Consortium (PCGC)
  • INvestigation of Co-occurring conditions across the Lifespan to Understand Down syndromE (INCLUDE) Data Portal (Phase 2)
  • RECOVER BioData Catalyst Data Gateway

National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK)

  • Central Repository (CR) Resources for Research (R4R)

Center for Information Technology (CIT)

  • An instance of Biomedical Research Informatics Computing Systems (BRICS) Sandbox

National Cancer Institute (NCI)   

  • Rapid AI Platform for Innovating Data Science (RAPIDS)

National Institute of Allergy and Infectious Diseases (NIAID)

  • Immunology Database and Analysis Portal (ImmPort)

National Institute on Aging (NIA)

  • National Institute on Aging Genetics of Alzheimer's Disease Data Storage (NIAGADS) Data Storage Site (DSS)

Milestones

August 2020 – Phase 2 Partner Development Workshop

Screenshot of attendee virtually participating in the August 2020 – Phase 2 Partner Development Workshop

With COVID-19 preventing travel and large gatherings, January workshop attendees joined a virtual workshop to hear Phase 1 partner system lessons learned, progress updates, and view demonstrations of the new researcher workflows facilitated by their RAS integrations. Phase 2 partner system developers described their integration use cases and technical requirements for RAS Phase 2, including an extension of RAS-federated identity providers, account linking, and user experience modifications. RAS Phase 2 features are scoped for code completion in early November so RAS can deploy updates before the end of the year.

National Institute of Environmental Health Sciences (NIEHS), National Center for Advancing Translational Sciences (NCATS), and National Institute of Allergy and Infectious Diseases (NIAID) attended the workshop as potential future RAS partners.

August 2020 – Phase 1 Production Release

NIH deployed a RAS-dbGaP Visa and associated services that allow researchers to log in to RAS one time to access any integrated repository and run an analysis for up to 15 days without re-authenticating. NIH staff or extramural researchers can log into integration systems/applications using their NIH or eRA Commons credentials. Auth tokens move with the researcher as they navigate to any of the four Phase 1 Data Platforms. Existing rules for authorization are enforced so a user can only access data they have been authorized to view.

RAS uses open standards and protocols and provides integrating systems with many standards-based options for integration.

January 2020 – Phase 1 Partner Development Workshop

January 2020 Workshop attendees gathered around a table

The RAS team hosted a workshop at NIH to provide partners with an update on the current state of RAS and the identity and access data available in RAS. The workshop also provided participants an opportunity to agree on the design for each RAS integration use case (interoperability step-by-step, application-to-application) and define the data to be contained within the tokens.

In addition to the participating NIH ICs, the following organizations were present: University of Chicago, Gen3, Children’s Hospital of Philadelphia (CHOP), Broad Institute, Renaissance Computing Institute (RENCI), Seven Bridges, Globus, Johns Hopkins, University of Maryland, and Institute for Systems Biology (ISB).

Important progress was made toward finalizing the initial architecture for Phase 1 of RAS-IC System integration use cases (CRDC/AnVIL, KFDRC/BioData Catalyst), and discussions were initiated for Phase 2 integrations (NDA, AoU, CFDE, NCBI). RAS also gathered requirements for security, technical research spikes, the first RAS-dbGaP Visa (based on GA4GH standards), and longer-term requirements.

October 2019 Globus-eRA Integration

NIH staff and extramural researchers with an electronic Research Administration (eRA) Commons account can now use those credentials with Globus to access resources and services. This integration is the result of a partnership between the NIH CIT and Globus, a division of the University of Chicago that provides data management capabilities—including managed data transfer and sharing—to research organizations.

When a researcher visits Globus, he or she will be able to log in using eRA Commons credentials thanks to the OpenID Connect protocol. This new NIH capability provides greater flexibility and can be rapidly adopted and extended to support other integration partners in the future.

 

This page last reviewed on July 10, 2024