RichardBruskiewich
commented
3 years ago Post-relay Architecture Committee discussions on May 4th resolved to the short term decision of keeping downloads under user authentication. This core decision can be periodically reviewed by NCATS.
This decision doesn't resolve the additional issue of how to confirm Translator user authorization to access data based on core licensing (e.g. UMLS/SNOMED_US for SemMedDb?). Additional layers of user-centered data use agreements may be needed. Should such agreements be "shrink-wrapped" during user registration?
Data access policy needs clarification from NCATS. Unauthenticated downloading assumed so far - does this need to be changed later?
If authenticated downloads are required by policy, they will need to be implemented as such in the system.
Is it an "either/or" decision or is a "hybrid" solution required for some data sets with IP restrictions (e.g. UMLS in SemMedDb)?
Could the hybrid be that private datasets are only authenticated web site access, whereas, web services can access public data only? Would AWS S3 metadata tag such data as "public" or "private". Could AWS S3 permissions be used to manage this?