Skip to content

Modular Software & Services

SAFE People

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

There are a number of open-source and managed identity management software services that is able to provide authentication and authorisation services. Open-source solutions include Keycloak, Gluu and Ory and managed platforms that provide these functionalities include, Auth0, Okta, AAWS Cogito, StormPath, Azure AD, Google IAM.

Existing open-source implementation of the GA4GH Passports and AAI standards also exist to support their integration into existing authN/Z implementations.

SAFE Project

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

Our suggested list of vendor-neutral software and services that help facilitate SAFE project management with a TRE include:

  • HDR UK Data Access Request Management for Data Access Request Management
  • Helm Charts for containerised application deployments
  • Terraform configurations for complex application deployments
  • Workflow orchestration solutions that support the GA4GH WES/TES standard

SAFE Data

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

SAFE Setting

For data management there exists industry solutions around Block and Object storage with encryption capabilities and for analytics the de-facto standards used are container orchestration solutions like Kubernetes and Virtual Machine management solutions.

There also does exist vendor-neutral software to configure and deploy multiple service stack that combine these services, such as Terraform, Pulumi, Crossplane REF

SAFE Outputs

This section is a work in progress

Please suggest edits and modifications to this section by clicking on the edit link

There are a number of non-standard software and services that use rule-based heuristics to minimise the disclosure risk of output data as much as possible. These ranges from open source data anonymisation tools, e.g. ARX Deidentification Tool or Amnesia to software and services that use machine learning e.g. AWS Macie and {un}bounded differential privacy to perturb the output data, e.g. DiffLib and Cantabular.

There is also a requirement for TREs to provide standardised mechanisms to trigger and manage the Airlock process in general. We are aware of a few ad-hoc implementations via email, shared folders and web APIs, but none standardised across TREs.