Who Gets Data Rights? From LPM-261:

DAPOL-220 All US scientists are Full LSST Users with both data rights and data access, who will access the proprietary data through the Data Access Center (DAC), which also provides dedicated computational resources for analysis. Defines "US scientist" as any US resident, or staff or student at a US institution (including their affiliated international satellites) that wishes to access the LSST data through the science platform in order to [“do science”]. In practice, most US scientists will obtain DAC accounts through their affiliation with a US scientific research institute or university. The small number of US scientists without such an affiliation will be provided a mechanism to request a DAC account; for example, a website interface to submit a request for verification of eligibility to the Data Access Policy Committee (Section 9.1).

DAPOL-240 All Chilean scientists are Full LSST Users with both data rights and data access, and will access the proprietary data through the Chilean DAC. The Chilean LSST community plans to grant DAC accounts to their Full LSST Users using the SOCHIAS list of scientists eligible for Chilean telescope time: http://www.sochias.cl/

International Contributors A set of International Contributors have signed Memorandum of Agreement (MoA) which agree to a financial contribution to Operations in exchange for a certain number of named "Principal Investigators" (PIs) with data rights. Each PI may have up to four junior scientists (postdoctoral fellows and/or graduate students) who also have data rights. It is left to these International Contributors to name the individuals with data rights.

DAPOL-260 Individuals who have attained LSST Builder status shall be Full LSST Users, regardless of their location or institution. LSST Builder status is conferred after 2 full-time equivalent years of contributions to the LSST Construction Project and does not expire (i.e., DAPOL-280 does not apply).

Proposed Method

DAPOL-220: Granting data rights based on campus attributes:

  • LPM-261: “In practice, most US scientists will obtain DAC accounts through their affiliation with a US scientific research institute or university.”

  • National federations follow the eduPerson attribute standard:

  • member@example.edu in national federation (InCommon) has data rights--this does include postdocs and students as members by default

DAPOL-220, DAPOL-240, DAPOL-260: Granting data rights based on LSST review:

  • LPM-261: “small number of US scientists without such an affiliation”

  • LPM-261: “All Chilean scientists are Full LSST Users with both data rights and data access”

  • User clicks "apply for data access rights" button

  • LSST review:

    • automated based on (verified) email address

      • .edu TLD is "U.S.-accredited educational institutions" with some grandfathered exceptions

    • check campus directory info

    • Builder Status is a field in LDAP

    • All Chileans with data rights, see the SOCHIAS list: http://www.sochias.cl/

International Contributors: Granting data rights based on named individuals:

  • Email-based invitation process:

    • invite "named individuals" to create LSST account if they haven't already or add data rights to existing account (i.e. place them in the proper LDAP group)

    • For International MoA: LPM-261: “Each PI may have up to four junior scientists (postdoctoral fellows and/or graduate students) who also have data rights.”

LDAP Groups:

Using the LSST Group Naming scheme (see LSE-279 and https://confluence.lsstcorp.org/x/9pdiB), the following groups have to be created and new users added depending on data access rights determined from the criteria above:

  • All users should be placed in lsst_users this does not confer data access rights.

  • US Astronomers: lsst_protu_usastro

  • Chilean Astronomers: lsst_protu_clastro

  • One group per PI per MoA: lsst_protu_moa<international PI>

  • Builder Status Group: lsst_protu_builders

  • LSST Users would be union of the groups: lsst_protu_usastro ∪ lsst_protu_clastro ∪ lsst_protu_moa<international PI> ∪ lsst_protu_builders

  • LSST Full Users is the union of US, Chilean and Builders and select MoAs (LPM-261: “The individual MoA (and any amendments) for an International Contributor does, or will, specify whether or not the named PIs and their junior associates are Full LSST Users with both data rights and data access”).

    • lsst_protu_usastro ∪ lsst_protu_clastro ∪ lsst_protu_builders

  • All LSST Full Users have a group automatically created upon account creation.  This group serves as a namespace over which they have control. For example, the user jbasney, would have the group lsst_jbasney.  The user jbasney could then create and manage (i.e. determine membership of) a group called lsst_jbasney_galaxyXYZ.  This group could then be used to control access to user generated data products.

How Long?

DAPOL-280 When a LSST User departs the institution through which their data rights were conferred, they retain their data rights for one year (unless data rights are conferred through a new affiliation). This also applies to data access for Full LSST Users.

Maintaining data rights:

  • Annual re-validation of "designated additional individuals"

    • Send out annual email requiring account holder to verify status and affiliation

  • Group auditing → owner of group verifies membership?

    • i.e. MoA PI: please verify your group of 4 individuals

  • de-provisioning of data rights?

    • "Once a scientist has data access, they don't lose it even if they change institutional affiliations."

    • faculty change of institution: leaving USA

    • what happens when student graduates?

  • No labels