Virtual Research Organization Platform Rollout

Researchers collaborate globally with multiple institutions and increasingly write software and design new technologies in partnership with universities, private institutions, and companies. A collaboration platform needs to be able to fit into this quickly changing environment and make it easier for scientists to use their preferred tools. The National Institute of Allergy and Infectious Diseases (NIAID) is supporting a vision of the Virtual Research Organization (VRO) as a flexible collaboration platform to meet the needs of modern science.

Research Data and Communications Technology (RDCT) built a platform to support collaborations between scientists using their existing institutional credentials. Initial efforts targeted collaborations based at the NIAID International Centers for Excellence in Research in Mali and Uganda. The platform is expanding to support international virtual organizations worldwide, with researchers in China, South Africa, the United Kingdom, and France.

RDCT worked with partners from the:

  • National Institutes of Health (NIH) Center for Information Technology IAM team.
  • US Academic Trust and Identity Federation, InCommon, operated by Internet2, a member-owned advanced technology community founded by the nation’s leading higher education institutions.
  • Research and Education FEDerations group (REFEDS), the umbrella organization that guides eduGAIN.

eduGAIN is the meta-federation that allows the global network of trust federations to interact with each other, enabling access to services between academic organizations and service providers in more than 40 countries.

The platform relies on technologies that were new to RDCT but are used in the academic trust and identity vertical throughout the higher education community. These include:

Shibboleth: A single sign-on system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions.

COmanage: A tool that creates a local identity that maps to the institutional federated identity for access controls. Multiple institutional credential sets and identities can be mapped to this identifier so that scientists can maintain their collaboration when they change institutions or roles.

Microsoft Active Directory Federation Services (AD FS): The sole commercial software in this platform, it links identities from the collaboration platform to Microsoft products such as SharePoint.

Grouper: An enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities and research institutions.

The NIH sponsored the two NIAID African International Centers for Excellence in Research (ICERs), located in Mali and Uganda, into InCommon as sponsored Identity Providers (IdPs). RDCT installed Shibboleth-based Security Assertion Markup Language (SAML) Identity Providers for the two African ICERs as a preliminary step in building the virtual organizations. InCommon exported these two IdPs into the global meta-federation, eduGAIN, so that they were able to access the global community of service providers and other institutions of higher learning and research. NIH exported the metadata for two Shibboleth-based Service Providers (SPs) and Microsoft AD FS servers at each of the ICERs that linked to SharePoint servers.

This topology allowed collaborations to span the ICERs using COmanage, operating in the Amazon Web Services (AWS) Cloud, as the central management platform. It also allows scientists to quickly upload data to the local server at LAN speeds, and collaborators can download from the site using their own institutional credentials; they do not require accounts in the local Mali Active Directory.
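The identity mapping described for COmanage, and the access pattern in the topology above, can be sketched as a small model. This is an added example, not COmanage code or its API: the `Registry` class, the entityIDs, subject values, local identifier, and group name are all constructed placeholders. It shows access following the local identifier when a researcher changes institutions, and why the lookup key must be the (IdP, subject) pair rather than the subject alone.

```python
from dataclasses import dataclass, field

class LinkError(Exception):
    """Raised when a federated identity is already bound to another person."""

@dataclass
class Registry:
    # (IdP entityID, subject identifier) -> local collaboration identifier
    links: dict = field(default_factory=dict)
    # local collaboration identifier -> set of group names
    groups: dict = field(default_factory=dict)

    def link(self, local_id, idp, subject):
        """Bind one institutional identity to a local identifier."""
        key = (idp, subject)
        owner = self.links.get(key)
        if owner is not None and owner != local_id:
            # Re-binding would hand one person's access to another.
            raise LinkError(f"{key} already linked to {owner}")
        self.links[key] = local_id
        self.groups.setdefault(local_id, set())

    def unlink(self, idp, subject):
        """Drop a credential set, e.g. when the researcher leaves an institution."""
        self.links.pop((idp, subject), None)

    def authorize(self, idp, subject, group):
        """Decide access from the asserted (issuer, subject) pair only."""
        local_id = self.links.get((idp, subject))
        return local_id is not None and group in self.groups.get(local_id, set())

# Constructed sample data: entityIDs, subjects and group name are placeholders.
IDP_A = "https://idp.site-a.example/shibboleth"
IDP_B = "https://idp.site-b.example/shibboleth"

def demo():
    reg = Registry()
    reg.link("vro-0001", IDP_A, "researcher1")
    reg.groups["vro-0001"].add("study-data-readers")
    before = reg.authorize(IDP_A, "researcher1", "study-data-readers")
    # Researcher moves: link the new institution, retire the old one.
    reg.link("vro-0001", IDP_B, "r.one")
    reg.unlink(IDP_A, "researcher1")
    after = reg.authorize(IDP_B, "r.one", "study-data-readers")
    stale = reg.authorize(IDP_A, "researcher1", "study-data-readers")
    # The same subject string from a different IdP is a different identity.
    lookalike = reg.authorize(IDP_B, "researcher1", "study-data-readers")
    return before, after, stale, lookalike
```

Group membership is attached to the local identifier, so retiring the old institutional credential removes that login path without touching the researcher's collaboration access.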