CICI: RDP: Open Badge Researcher Credentials for Secure Access to Restricted and Sensitive Data
Combining and analyzing collections of data enables scientific breakthrough. Efficient, secure data sharing and reuse also facilitates collaboration and replication, leading to better science. However, managing different access policies, authenticating, and authorizing access to restricted and sensitive data is a challenge faced by all data management organizations. Unauthorized access threatens the provenance and integrity of research data, as well as the privacy of study participants in the case of human subjects research, and can impact the conclusions we draw from them. The current systems of authorization and access that data repositories employ are opaque and difficult to manage. Existing technologies for managing researcher credentials (e.g., OAuth, ORCID, Shibboleth) are not certified by an issuing authority meaning that repositories are not able to verify users when they request access under these mechanisms. The process of identity verification is neither standardized nor well integrated with common authentication mechanisms. All of these challenges mean that data providers are often wary of sharing sensitive or restricted data or that data ends up in the wrong hands, and potential gains to society and science from using those data go unrealized. In order to reduce the complexity of efficiently, effectively, and securely managing access to research data sets, the project proposes a implementation of an open badges-compatible researcher credential system. The project has three main activities: (a) develop an open badge system for managing researcher credentials, (b) articulate levels of data sensitivity and risk that indicate criteria for access, and (c) identify the right balance between openness and privacy for data users in a restricted data access system.
Open badges are visual tokens that signal achievement, affiliation, authorization, or another trust relationship and are shareable across the web. They allow individuals to present their evolving credentials openly and to record their achievements and credentials publicly. ICPSR will develop a system for issuing badges that represent different aspects of the necessary training and experience for accessing restricted social science data. For instance, users will be able to earn badges for completing training around data stewardship that verifies their knowledge about how to securely manage restricted data. ICPSR staff will validate users? training and experience when issuing badges. The system provides verifiable, portable credentials for users to share with data providers when requesting access to restricted data.
On the data provider end, the badge system will articulate what constitutes different levels of data sensitivity and risk as well as minimum researcher criteria for data access within these levels. The matrix of data properties and researcher criteria will make it clear what credentials researchers need to work with particular data sets, and the providers can assess researchers? credentials by viewing their badges. This ensures that data providers can easily make decisions about how and to whom to share their restricted data.
National Science Foundation
Funding Period: 9/1/2018 to 8/31/2020