How can trust and identity help with impact tracking

The problem 

There is a pressing need for research infrastructure operators, to have a clear understanding of their users, so they can produce accurate reports and statistics based on the usage of their infrastructure.  

Currently this is a complicated and often onerous task, as their users may have multiple accounts and identities, sometimes outside the realm of any one institution. This complex jumble of identity makes it difficult for a research operator to have a clear picture of exactly who their users are.  

 In 2023, a landscape analysis of national research infrastructures (NRI) conducted by the AAF, revealed that many NRI currently have limited data on their users, and that there is a high level of administrative burden required to accurately identify their users, and track the user’s activity outcomes. 

For example, an individual user may access research infrastructure services through a code repository account such as GitHub, a research community membership, or an external identity such as ORCID. In isolation, the identity attributes from these distributed identities do not provide a clear picture of the user. When this comes to reporting it also means that an accurate reflection of usage cannot be provided. 

 The situation becomes even more challenging when a research service – such as a computational model – is utilised through other facilities such as high-performance computers (HPC) and cloud storage. In such instances, the identity attributes conveyed to the service provider via the alternate facility (e.g., the HPC facility) may not be adequate for effective tracking and usage monitoring of the service (e.g., models). 

What we’re exploring

AAF is investigating technologies, processes, and policies, to improve the tracking of research facility usage, across the Australian research ecosystem. The Trust and Identity Framework provides the basis for a technical solution, and it can build a rich understanding of the users that make up the community, by combining attributes from multiple identity providers into an Attribute Authority (AA) Service.  

An AA Service can combine attributes and make certain statements about entities and assign attributes to them. The AA Service can be the authoritative source of these statements or be a proxy that asserts these statements based on trusted information that it obtains from other sources.  

Technology  

There are several technology solutions that align with the Trust and Identity Framework, and the requirements for implementing an AA Service.   

• Authentication and Authorisation Systems: Implementing secure authentication and authorisation systems to control access to distributed instruments. This ensures that only authorised users can use the instruments, and their usage is tracked accordingly. CILogon is an example of such a system. CILogon provides an integrated open-source identity and access management platform for research collaborations, combining federated identity management (AAF) with collaborative organisation management (COmanage). CIlogon enables implementation of an AA Service through centralising authentication, authorisation and streamlining the process for end users and management. CILogon aligns with the T&I Framework. More details on CILogon can be found here (link).  
• Using unique identifiers such as ORCID, GitHub ID etc. 
• Research infrastructure management systems (RIMS): Integrating tracking mechanisms with RIMS enables a comprehensive view of users’ contributions and impact. RIMS often include functionalities for tracking research outputs and collaborations. 
• Laboratory Information Management Systems (LIMS): Connecting instrument tracking with LIMS allows for comprehensive data management. LIMS can store information about sample types, experimental conditions, and user details, enhancing the overall context of instrument usage.

Policy

Implementing an AA Service requires considering compliance with a range of policies, such as authentication policies and membership management.   

• Acceptable Authentication Assurance Policy 
• Which identity providers are acceptable for your infrastructure? Social providers such as Google, Facebook etc?  
• How much certainty does your community require of the identity?  
• Membership Management Policy  
• Privacy and Data Protection Policy  

Use cases

The use cases below have been developed based on exploratory work with the Australian Earth-System Simulator (ACCESS-NRI) and Microscopy Australia. 

The AAF is investigating opportunities to improve impact tracking for these two research facilities who have different types of requirements in relation to impact tracking: 

• Distributed resources and a lack of standards on usage measurement and impact tracking (Microscopy Australia)
• In-direct access to resources and a lack of access to usage information and user attributes (ACCESS-NRI)

Microscopy Australia 

Microscopy Australia is a national facility, characterised by distributed facilities and instruments across Australia, with approximately 240 microscopes spread across nine facilities. Adding to the complexity, facilities are usually managed by an institution – usually a university – who may apply their own impact tracking policies, which may not necessarily suit well with the facilities requirements.  

For instance, several facilities across the Microscopy Australia network are using booking technologies for tracking usage, whereas others are using instruments’ identifiers as a way of tracking usage. Lack of a standard approach in reporting usage tracking has proven to be inefficient, both at an operational and strategic level, for a facilities’ staff and for research impact measurement. 

 AAF is in the process of conducting an analysis of current usage tracking approaches across Microscopy Australia and will provide solutions (technology, policy, processes) and guidelines on how these approaches could be standardised for the future.  

 ACCESS-NRI  

ACCESS-NRI  is a national research Infrastructure created to support the development and research of the Australian Community Climate and Earth System Simulator (ACCESS) modelling system. They provide a computer modelling framework for research with atmospheric, ocean, sea-ice, and land surface models, coupled to a range of chemical and biological models. To be able to run such computer models, researchers need to utilise super-computers and/or cloud data storages.  

ACCESS-NRI  provides this service in collaboration with National Computational Infrastructure (NCI). Users who want to run a model are also required to have an NCI account, and access and run models through that account. However, since a user’s authentication is managed through NCI, ACCESS-NRI does not have any data on a users’ authentication and access, and therefore they are not able to directly measure how the models are used by research community.  

AAF is currently in the discovery stage of an incubator with ACCESS-NRI, with the objective to develop a solution that can improve the current usage tracking approaches across all ACCESS-NRI resources.