Modular Software & Services
SAFE People
This section is a work in progress
Please suggest edits and modifications to this section by clicking on the edit link
There are a number of open-source and managed identity management services that can provide authentication and authorisation. Open-source solutions include Keycloak, Gluu and Ory; managed platforms that provide these functions include Auth0, Okta, AWS Cognito, StormPath, Azure AD and Google IAM.
Open-source implementations of the GA4GH Passports and AAI standards also exist to support their integration into existing authN/Z implementations.
SAFE Project
This section is a work in progress
Our suggested list of vendor-neutral software and services that help facilitate SAFE project management with a TRE include:
- HDR UK Data Access Request Management for Data Access Request Management
- Helm Charts for containerised application deployments
- Terraform configurations for complex application deployments
- Workflow orchestration solutions that support the GA4GH WES/TES standard
SAFE Data
This section is a work in progress
SAFE Setting
For data management, industry solutions exist for block and object storage with encryption capabilities. For analytics, the de facto standards are container orchestration solutions such as Kubernetes and virtual machine management solutions.
Vendor-neutral software also exists to configure and deploy multi-service stacks that combine these services, such as Terraform, Pulumi and Crossplane REF
SAFE Outputs
This section is a work in progress
There are a number of non-standard software and services that use rule-based heuristics to minimise the disclosure risk of output data as much as possible. These range from open-source data anonymisation tools, e.g. ARX Deidentification Tool or Amnesia, to software and services that use machine learning, e.g. AWS Macie, and {un}bounded differential privacy to perturb the output data, e.g. DiffLib and Cantabular.
There is also a requirement for TREs to provide standardised mechanisms to trigger and manage the Airlock process in general. We are aware of a few ad-hoc implementations via email, shared folders and web APIs, but none standardised across TREs.