Attention: The Keycloak upgrade has been completed. As this was a major upgrade, there may be some unexpected issues occurring. Please report any issues you find to support by using the contact form found at https://www.ebrains.eu/contact/. Thank you for your patience and understanding. 


Last modified by alexisdurieux on 2022/03/25 08:38
From version 31.1
edited by alexisdurieux
on 2022/03/25 08:38
Change comment: Update collab owner property to alexisdurieux
To version 6.1
edited by alexisdurieux
on 2021/01/06 11:32
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Data Proxy & Human Data Gateway
1 +Data Proxy
Content
... ... @@ -2,68 +2,40 @@
2 2  (((
3 3  (% class="container" %)
4 4  (((
5 -(% style="text-align: justify;" %)
6 -= Data Proxy & HDG =
5 += Data Proxy =
7 7  
8 -The Data Proxy is an application that allows authenticated EBRAINS users to access Swift Object storage without a Fenix user account.
9 -This application has 2 main use cases:
10 -
11 -* (((
12 -It provides a dedicated optional swift container to every Collab. We call it the Collab Bucket.
7 +Documentation
13 13  )))
14 -* (((
15 -It allows users to access and visualize Knowledge Graph datasets. It provides an additional layer to access datasets with more sensitive human data that has been strongly pseudonymized (e.g  defaced brain scans): The **Human Data Gateway**
16 16  )))
17 -)))
18 -)))
19 19  
20 20  (% class="row" %)
21 21  (((
13 +(% class="col-xs-12 col-sm-4" %)
22 22  (((
23 -(% style="text-align: justify;" %)
24 -The data proxy core is the application that acts as a proxy to the object storage (Swift).
15 +The data proxy core is the application that acts as a proxy to the CSCS Swift storage.
25 25  
26 -(% style="text-align: justify;" %)
27 -=== Object Storage ===
17 +==== Authentication ====
28 28  
29 -The documentation of Swift object storage can be found here:
19 +The application itself is connected to the CSCS storage. The user is authenticated against the data-proxy application using an authorization headers. The user is then authenticated against the EBRAINS platform. That means the user only needs to have a ebrains account to access the data proxy and the swift storage capabilities
30 30  
31 -[[https:~~/~~/docs.openstack.org/swift/pike/admin/objectstorage-intro.html>>https://docs.openstack.org/swift/pike/admin/objectstorage-intro.html]]
21 +=== Bucket system ===
32 32  
33 -(% style="text-align: justify;" %)
34 -=== Authentication ===
23 +We use the collaboratory authorization system for the buckets.
35 35  
36 -(% style="text-align: justify;" %)
37 -The Data Proxy authenticates its users with the EBRAINS (Collaboratory) IAM service.
25 +For every collab, it is possible to access a swift container as a user. The action the user can perform on the buckets depend on the rights the user has in the collab
38 38  
39 -(% style="text-align: justify;" %)
40 -Prior to the availability of the Data Proxy, EBRAINS users had to request a Fenix user account in order to access object storage capabilities on the Fenix infrastructure. With the Data Proxy, a user only needs to have an EBRAINS account to access object storage resources (effectively on the same Fenix object storage infrastructure). Data stored in this way is held in the name of the data proxy service account on Fenix, and the Data Proxy tracks who has access to which data.
41 -
42 -(% style="text-align: justify;" %)
43 -=== Permissions ===
44 -
45 -(% style="text-align: justify;" %)
46 -We use the Collaboratory authorization system to manage permissions in the Data Proxy.
47 -
48 -(% style="text-align: justify;" %)
49 -A Swift object container can be associated to each collab. Object containers are also known as "buckets"  to avoid confusion with other containers (e.g. Docker containers). An EBRAINS user can perform the following actions on a bucket depending on the user's permissions (as defined by the collab's Team) in the collab associated with the bucket.
50 -
51 51  (% border="3" %)
52 -|=(% style="text-align: justify;" %)Team permissions of a collab|=(% style="text-align: justify;" %)Available actions on that collab's bucket
53 -|(% style="text-align:justify" %)Viewer|(% style="text-align:justify" %)Read
54 -|(% style="text-align:justify" %)Editor|(% style="text-align:justify" %)Create, Read, Update, Delete
55 -|(% style="text-align:justify" %)Admin|(% style="text-align:justify" %)Create, Read, Update, Delete
56 -|(% style="text-align:justify" %)Not a collab member|(% style="text-align:justify" %)Read access only if the collab is public
28 +|=Collab Right|=Available actions on bucket
29 +|Viewer|Read
30 +|Editor|Create, Read, Update, Delete
31 +|Admin|Create, Read, Update, Delete
32 +|Not a collab member|No actions
57 57  
58 -(% class="wikigeneratedid" %)
59 -You can access the buckets in the "Bucket" navigation element in every collab.
34 +**Should the editor be able to create the bucket in the first place ?**
60 60  
61 -=== Collaboratory bucket vs drive ===
62 62  
63 -A collab offers 2 main locations to store files: a drive and a bucket. The drive offers more advanced features like recognition of file formats (Office, Markdown, PDF) with applications specific to each, simplified version control, smart links. The bucket on the other hand offers larger storage capacity and better bandwidth. The bucket is recommended for datasets (brain scans, EEG, derived data) and videos (including for streaming).
37 +=== **Api description** ===
64 64  
65 -=== API ===
66 -
67 -The API is self-documented using Swagger UI. You can access it here: [[https:~~/~~/data-proxy.ebrains.eu/api/docs>>https://data-proxy.ebrains.eu/api/docs]] or in the [[API Documentation>>doc:API Documentation]] wiki page of this collab.
39 +
68 68  )))
69 69  )))
Collaboratory.Apps.Collab.Code.CollabClass[0]
Description
... ... @@ -1,4 +1,1 @@
1 -The Data Proxy is an application that allows authenticated EBRAINS users to access Swift Object storage without a Fenix user account.
2 -This application has 2 main use cases:
3 - - It provides a dedicated optional swift container to every Collab. We call it the Collab Bucket.
4 - - It allows users to access and visualize Knowledge Graph datasets. It provides an additional layer for dataset whose access is controlled: the Human Data Gateway (HDG).
1 +Description and specification around the data proxy project.
Public
... ... @@ -1,1 +1,1 @@
1 -Yes
1 +No
owner
... ... @@ -1,1 +1,0 @@
1 -alexisdurieux
XWiki.XWikiRights[5]
Allow/Deny
... ... @@ -1,1 +1,0 @@
1 -Allow
Levels
... ... @@ -1,1 +1,0 @@
1 -view
Users
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiGuest
XWiki.XWikiRights[6]
Allow/Deny
... ... @@ -1,1 +1,0 @@
1 -Allow
Groups
... ... @@ -1,1 +1,0 @@
1 -XWiki.XWikiAllGroup
Levels
... ... @@ -1,1 +1,0 @@
1 -view