Version 29.1 by alexisdurieux on 2022/01/31 11:19
Show last authors
1 (% class="jumbotron" %)
2 (((
3 (% class="container" %)
4 (((
5 (% style="text-align: justify;" %)
6 = Data Proxy & HDG =
7
8 The Data Proxy is an application that allows authenticated EBRAINS users to access Swift Object storage without a Fenix user account.
9 This application has 2 main use cases:
10
11 * (((
12 It provides a dedicated optional swift container to every Collab. We call it the Collab Bucket.
13 )))
14 * (((
15 It allows users to access and visualize Knowledge Graph datasets. It provides an additional layer to access datasets with more sensitive human data that has been strongly pseudonymized (e.g  defaced brain scans): The **Human Data Gateway**
16 )))
17 )))
18 )))
19
20 (% class="row" %)
21 (((
22 (((
23 (% style="text-align: justify;" %)
24 The data proxy core is the application that acts as a proxy to the object storage (Swift).
25
26 (% style="text-align: justify;" %)
27 === Object Storage ===
28
29 The documentation of Swift object storage can be found here:
30
31 [[https:~~/~~/docs.openstack.org/swift/pike/admin/objectstorage-intro.html>>https://docs.openstack.org/swift/pike/admin/objectstorage-intro.html]]
32
33 (% style="text-align: justify;" %)
34 === Authentication ===
35
36 (% style="text-align: justify;" %)
37 The Data Proxy authenticates its users with the EBRAINS (Collaboratory) IAM service.
38
39 (% style="text-align: justify;" %)
40 Prior to the availability of the Data Proxy, EBRAINS users had to request a Fenix user account in order to access object storage capabilities on the Fenix infrastructure. With the Data Proxy, a user only needs to have an EBRAINS account to access object storage resources (effectively on the same Fenix object storage infrastructure). Data stored in this way is held in the name of the data proxy service account on Fenix, and the Data Proxy tracks who has access to which data.
41
42 (% style="text-align: justify;" %)
43 === Permissions ===
44
45 (% style="text-align: justify;" %)
46 We use the Collaboratory authorization system to manage permissions in the Data Proxy.
47
48 (% style="text-align: justify;" %)
49 A Swift object container can be associated to each collab. Object containers are also known as "buckets"  to avoid confusion with other containers (e.g. Docker containers). An EBRAINS user can perform the following actions on a bucket depending on the user's permissions (as defined by the collab's Team) in the collab associated with the bucket.
50
51 (% border="3" %)
52 |=(% style="text-align: justify;" %)Team permissions of a collab|=(% style="text-align: justify;" %)Available actions on that collab's bucket
53 |(% style="text-align:justify" %)Viewer|(% style="text-align:justify" %)Read
54 |(% style="text-align:justify" %)Editor|(% style="text-align:justify" %)Create, Read, Update, Delete
55 |(% style="text-align:justify" %)Admin|(% style="text-align:justify" %)Create, Read, Update, Delete
56 |(% style="text-align:justify" %)Not a collab member|(% style="text-align:justify" %)Read access only if the collab is public
57
58 (% class="wikigeneratedid" %)
59 You can access the buckets in the "Bucket" navigation element in every collab.
60
61 === Collaboratory bucket vs drive ===
62
63 A collab offers 2 main locations to store files: a drive and a bucket. The drive offers more advanced features like recognition of file formats (Office, Markdown, PDF) with applications specific to each, simplified version control, smart links. The bucket on the other hand offers larger storage capacity and better bandwidth. The bucket is recommended for datasets (brain scans, EEG, derived data) and videos (including for streaming).
64
65 === API ===
66
67 The API is self-documented using Swagger UI. You can access it here: [[https:~~/~~/data-proxy.ebrains.eu/api/docs>>https://data-proxy.ebrains.eu/api/docs]] or in the [[API Documentation>>doc:API Documentation]] wiki page of this collab.
68 )))
69 )))