[DAS] Personal genomics/Deploying a DAS server for Dummies/6 Easy steps

Andy Jenkinson andy.jenkinson at ebi.ac.uk
Thu Jan 12 17:07:50 UTC 2012 

Great stuff Jon!

On 12 Jan 2012, at 15:31, Jonathan Warren wrote:
> 
> On 12 Jan 2012, at 13:43, Dan Bolser wrote:
> 
>> I want to be able to specifically grant access to my data by a known third party.
> 
> We had large debates about how to implement security in DAS at the last couple of DAS workshops. In the end it was decided we would go with BASIC authentication and https requests and responses and people would have to trust DAS clients with their username and passwords.

I believe those providers use (or are migrating to) a common authorisation protocol based on OAuth. This type of authorisation actually only allows you to control which -applications- have access to your data, not which individuals. That means each individual client needs to be configured for this purpose. Really what is needed is an end-to-end solution across both clients and servers, with a common authentication/identification mechanism and across multiple providers. Particularly the authentication part is difficult because, for technical reasons, we can't use OpenID. It'd be great and there are potential solutions, but the "activation energy" and coordination required is quite high.

Standard HTTP authentication by contrast is much easier to implement and is a sort of "easy win" for the interim.

> The registry already supports this for the web service and I believe Andy J has implemented it in proserver as well. MyDAS if it doesn't already have it, can be easily modified to do so I think and it's on my list to do this for a writeback instance I'm setting up for genomic data anyway.
> 
> However the big fly in the ointment is that I'm pretty sure no clients support it at the moment however. I'm sure ensembl doesn't and I don't think Dalliance does, GBrowse doesn't? I think maybe Web Apollo does, but I haven't heard anything from those guys in ages? I hope I'm wrong on this though. Maybe Karyodas can implement it quickly???? http://mykaryoview.com

Actually Dalliance does support HTTP authentication because, being pure Javascript, it uses the browser's implementation. The development branch of ProServer includes support for HTTP authentication and SSL encryption. I'm fairly sure the authentication (basic and digest) work well, but I think the encryption could use some testing. The main barrier though is as Jonathan says that no other clients support it, it would be easier to debug using these rather than using browsers directly.

Obviously what we really want is for Ensembl to implement it. I'm not sure what it would take for myKaryoview and Dasty, they are javascript clients but I think they use a server-side proxy so it might be hard/impossible for them to use the browser's cache of passwords. That means storing them locally, which means some sort of login system, which means extra security considerations... etc.

I think Jonathan's personal genomics server is a clear use case for authentication, and I would also seek to incorporate it into EasyDAS (Which uses ProServer). We need major clients to adopt it, and it is of course the classic DAS chicken and egg situation.

Cheers,
Andy

> 
>> Do any existing personal genotype archives have this kind of 'genotype
>> server' service, or is DAS the first system to provide this
>> functionality? Do you plan to build it into a dedicated service
>> somewhere?
> I'm in discussions about this with the powers that be at the moment. Problems would include massive memory usage if implemented this way and also legal issues around managing other peoples genomic data. Which is why the personal virtual machine in the cloud is something that is quite an elegant solution at the moment :) I would like the process for people to be even easier though and for setting up DAS sources in general.
> 
>> 
>> 
>> Cheers,
>> Dan.
>> 
>> On 12 January 2012 13:21, Jonathan Warren <jw12 at sanger.ac.uk> wrote:
>>> Hi
>>> 
>>> I've put some instructions for people with little or no technical ability
>>> and no access to IT personnel or servers, to be able to publish there
>>> genotype data from companies such as 23andme etc as a DAS source on the
>>> amazon cloud.
>>> 
>>> http://biodasman.wordpress.com/2012/01/12/easy-deployment-of-das-server-for-personal-genotype-data-to-the-amazon-cloud/
>>> 
>>> All someone needs is a tab delimited text file from one of these companies,
>>> a credit card and an internet connection. The instructions show them how to
>>> set up and deploy their server to the cloud in 6 easy steps and then view
>>> the data in Ensembl.
>>> 
>>> Example server can be accessed from here
>>> http://mychoiceofname.elasticbeanstalk.com/das/person1
>>> 
>>> Any comments suggestions welcomed.
>>> 
>>> Cheers
>>> 
>>> Jonathan.
>>> 
>>> Jonathan Warren
>>> Senior Developer and DAS coordinator
>>> blog: http://biodasman.wordpress.com/
>>> jw12 at sanger.ac.uk
>>> Ext: 2314
>>> Telephone: 01223 492314
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> --
>>> The Wellcome Trust Sanger Institute is operated by Genome ResearchLimited, a
>>> charity registered in England with number 1021457 and acompany registered in
>>> England with number 2742969, whose registeredoffice is 215 Euston Road,
>>> London, NW1 2BE._______________________________________________
>>> DAS mailing list
>>> DAS at lists.open-bio.org
>>> http://lists.open-bio.org/mailman/listinfo/das
> 
> Jonathan Warren
> Senior Developer and DAS coordinator
> blog: http://biodasman.wordpress.com/
> jw12 at sanger.ac.uk
> Ext: 2314
> Telephone: 01223 492314
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> The Wellcome Trust Sanger Institute is operated by Genome ResearchLimited, a charity registered in England with number 1021457 and acompany registered in England with number 2742969, whose registeredoffice is 215 Euston Road, London, NW1 2BE._______________________________________________
> DAS mailing list
> DAS at lists.open-bio.org
> http://lists.open-bio.org/mailman/listinfo/das

More information about the DAS mailing list