
Retrieval Journey

The retrieval journey controls access to datasets so that a user can retrieve only the data they are authorized to view. The Data Serving Service enforces this as the gatekeeper: every request is checked against the Roles & Rights DB before any data is fetched from storage.

If a dataset is not public, the user must first complete the access granting workflow:

  1. Contact: The user contacts the Data Controller via the provided template.
  2. Negotiation: Terms are negotiated and a contract is signed.
  3. Registration: The Data Controller updates the Roles & Rights DB via the management dashboard.
  4. Expiry: Access is time-limited; when the registered duration ends, the system removes the access automatically and notifies both the user and the Data Controller.

sequenceDiagram
    accDescr: Retrieval Journey.
    participant U as Front-end/CLI
    participant G as API Gateway
    participant A as Data Serving Service
    participant R as Roles & Rights DB
    participant S as Storage

    U->>G: GET /dataset/{id}
    G->>A: Forward request
    A->>R: Check access rights (user + dataset ID)
    R-->>A: Confirm/Reject access

    alt User has access (public dataset OR pre-granted rights)
        A->>S: Fetch dataset
        S->>S: Prepare data
        S-->>A: Return data
        A-->>G: Deliver dataset
        G-->>U: Return dataset
    else User lacks access
        A-->>G: Access denied (403) + Data Controller contact info
        G-->>U: Return 403
    end

Key features:

  • Data Serving Service: Acts as the central gatekeeper, validating the user's identity and access rights before fetching data; a request that matches neither a public dataset nor a valid grant is denied.
  • Role-Based Access Control: Manages permissions through a Roles & Rights database to distinguish between public datasets and those requiring specific grants.
  • Audit Logging: Maintains a complete record of all access attempts for security and compliance monitoring.

Access Control Flow

For non-public data, the system facilitates a structured workflow between the Data User and the Data Controller.

Key features of access management:

  • Time-Limited Access: Automatically removes user access and notifies all parties once a predefined duration expires.
  • Management Dashboard: Provides Data Controllers with an interface to select datasets, assign users, and set expiration dates.
  • Negotiation Workflow: Supports a formal process including term negotiation and contract signing before access is registered.

Key features of data delivery & packaging:

  • Metadata & Provenance Inclusion: Packages datasets with their full metadata, origin, and processing history.
  • Secure Encrypted Transfer: Protects the confidentiality and integrity of data in transit on the path from storage to the user.
  • Format Preservation: Delivers data in its original format while including necessary reference datasets and usage guidelines.

Access Granting Process

The access granting process formalizes the relationship between the Data User and the Data Controller, ensuring that legal and ethical obligations are met before sensitive data is released. The workflow starts with manual negotiation and ends in automated enforcement by the system.

  • Contractual Foundation: Access is predicated on a signed agreement, ensuring that data usage aligns with the original consent and institutional policies.
  • Time-limited permissions: The system treats access as a lease rather than a permanent right. Because a specific duration is registered in the Data Hub, permissions do not accumulate indefinitely ("permission creep").
  • Automated Lifecycle Management: Permissions expire automatically at the end of the registered duration, reducing administrative overhead and security debt.

sequenceDiagram
    accDescr: Access Control Flow.
    actor U as Data User
    actor C as Data Controller
    participant R as Data Hub

    U->>C: Contact via provided template (email/form)
    C->>U: Negotiate terms
    U->>C: Sign contract
    C->>R: Register access rights (user + dataset + duration)
    R-->>U: Confirm access granted
    Note over U,R: Time passes
    R->>R: Permission expires
    R-->>C: Sends access expired notification
    R-->>U: Sends access expired notification

Access Management Interface

The Access Management Interface provides Data Controllers with a secure, centralized environment to oversee their datasets and manage user permissions. It is the administrative bridge between the legal contract and the technical enforcement layer.

  • Identity-Linked Permissions: Controllers can precisely target access by associating specific user identifiers from the IAM4NFDI identity federation with individual datasets.
  • Atomic Updates: The interface communicates with the Access Management Service to perform "upsert" operations on the Roles & Rights DB, ensuring that permissions are either fully updated or safely rolled back in the event of an error.
  • Validation Feedback: The system performs real-time validation to prevent the assignment of rights to non-existent users or datasets, providing immediate diagnostic feedback to the Controller through the front-end dashboard.

sequenceDiagram
    accDescr: Access Management Interface.
    actor C as Data Controller
    participant F as Front-end
    participant G as API Gateway
    participant A as Access Management Service
    participant R as Roles & Rights DB

    C->>F: Log in (authenticate)
    F->>C: Show dataset management dashboard

    C->>F: Select dataset
    Note over F: Add user (email/ID)<br>Set expiration date
    C->>F: Press OK

    F->>G: POST /access-registry/<dataset_id>
    G->>A: Forward request
    A->>R: Update access rights (upsert record)

    alt Success
        R-->>A: Confirm update
        A-->>G: 200 OK
        G-->>F: 200 OK
        F->>C: Show success + summary of granted access
    else Failure (e.g., invalid user/dataset)
        R-->>A: Error (e.g., 404 dataset not found)
        A-->>G: 400/404 Error
        G-->>F: Propagate error
        F->>C: Show error message
    end
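The three flows on this page, the gatekeeper check in the retrieval diagram, the time-limited grant that expires and triggers notifications, and the validated upsert behind POST /access-registry/<dataset_id>, all act on the same Roles & Rights record, so one added example covers them together. This is illustrative Python written for this page, not the project's Data Serving Service or Access Management Service code. The SQLite table layout, the function names, the mapping of validation failures to 400/404 and the use of unix-timestamp expiry are assumptions; the user, datasets and dates are constructed sample data.

```python
"""Roles & Rights lifecycle: grant (upsert), gatekeeper check, expiry sweep.

Added illustration, not the project's own code. Table layout, function names,
status-code mapping and sample rows are assumptions; the page only states that
a record holds user + dataset + duration.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

SCHEMA = """
CREATE TABLE users (id TEXT PRIMARY KEY);
CREATE TABLE datasets (id TEXT PRIMARY KEY, is_public INTEGER NOT NULL,
                       controller_contact TEXT NOT NULL);
CREATE TABLE grants (user_id TEXT NOT NULL REFERENCES users(id),
                     dataset_id TEXT NOT NULL REFERENCES datasets(id),
                     expires_at INTEGER NOT NULL,   -- unix seconds, UTC
                     PRIMARY KEY (user_id, dataset_id));
"""

class NotFound(Exception): pass   # surfaced to the dashboard as 404
class Invalid(Exception): pass    # surfaced to the dashboard as 400

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # DB-level backstop for the checks below
    conn.executescript(SCHEMA)
    return conn

def upsert_grant(conn, user_id, dataset_id, duration, now):
    """POST /access-registry/<dataset_id>: register or renew a time-limited grant.
    Validation runs before the write so the controller gets a precise error; the
    `with conn:` block commits on success and rolls back if anything raises."""
    if duration <= timedelta(0):
        raise Invalid("duration must be positive")
    with conn:
        if conn.execute("SELECT 1 FROM users WHERE id = ?", (user_id,)).fetchone() is None:
            raise NotFound(f"user {user_id!r} not found")
        if conn.execute("SELECT 1 FROM datasets WHERE id = ?", (dataset_id,)).fetchone() is None:
            raise NotFound(f"dataset {dataset_id!r} not found")
        expires_at = int((now + duration).timestamp())
        conn.execute("INSERT INTO grants (user_id, dataset_id, expires_at) VALUES (?, ?, ?) "
                     "ON CONFLICT(user_id, dataset_id) DO UPDATE SET expires_at = excluded.expires_at",
                     (user_id, dataset_id, expires_at))
    return expires_at

def check_access(conn, user_id, dataset_id, now, audit):
    """GET /dataset/{id} gatekeeper: allow only a public dataset or an unexpired
    grant, deny otherwise. Expiry is checked here as well, so a grant the sweep
    has not removed yet is still unusable. Every attempt is appended to `audit`."""
    row = conn.execute("SELECT is_public, controller_contact FROM datasets WHERE id = ?",
                       (dataset_id,)).fetchone()
    if row is None:
        audit.append((int(now.timestamp()), user_id, dataset_id, 404))
        return {"status": 404}
    is_public, contact = row
    grant = conn.execute("SELECT expires_at FROM grants WHERE user_id = ? AND dataset_id = ?",
                         (user_id, dataset_id)).fetchone()
    allowed = bool(is_public) or (grant is not None and grant[0] > int(now.timestamp()))
    audit.append((int(now.timestamp()), user_id, dataset_id, 200 if allowed else 403))
    return {"status": 200} if allowed else {"status": 403, "contact": contact}

def expire_grants(conn, now):
    """Scheduled sweep: delete expired grants and return the (recipient, message)
    notifications owed to the user and the Data Controller."""
    notifications = []
    with conn:
        expired = conn.execute(
            "SELECT g.user_id, g.dataset_id, d.controller_contact FROM grants g "
            "JOIN datasets d ON d.id = g.dataset_id WHERE g.expires_at <= ?",
            (int(now.timestamp()),)).fetchall()
        for user_id, dataset_id, contact in expired:
            conn.execute("DELETE FROM grants WHERE user_id = ? AND dataset_id = ?",
                         (user_id, dataset_id))
            notifications.append((user_id, f"your access to {dataset_id} has expired"))
            notifications.append((contact, f"access of {user_id} to {dataset_id} has expired"))
    return notifications

T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)   # constructed clock for the demo

def demo():
    """Walk one grant through its lifecycle on constructed sample data."""
    conn = open_db()
    conn.execute("INSERT INTO users VALUES ('alice')")
    conn.executemany("INSERT INTO datasets VALUES (?, ?, ?)",
                     [("ds-public", 1, "open@example.org"),
                      ("ds-restricted", 0, "controller@example.org")])
    audit, out = [], {}
    out["public"] = check_access(conn, "alice", "ds-public", T0, audit)["status"]
    out["before_grant"] = check_access(conn, "alice", "ds-restricted", T0, audit)
    upsert_grant(conn, "alice", "ds-restricted", timedelta(days=30), T0)
    out["after_grant"] = check_access(conn, "alice", "ds-restricted", T0, audit)["status"]
    later = T0 + timedelta(days=31)
    out["after_expiry"] = check_access(conn, "alice", "ds-restricted", later, audit)["status"]
    try:
        upsert_grant(conn, "bob", "ds-restricted", timedelta(days=1), T0)
    except NotFound as err:
        out["unknown_user"] = str(err)
    out["notifications"] = expire_grants(conn, later)
    out["grants_left"] = conn.execute("SELECT COUNT(*) FROM grants").fetchone()[0]
    out["audit"] = [entry[3] for entry in audit]
    return out
```

Calling demo() returns the decisions in order: the public dataset is served, the restricted one is refused with the controller's contact, it is served once the 30-day grant is registered, and refused again on day 31 even before the sweep has run; the attempt to grant access to an unregistered user fails with a 404-style error and writes nothing; the sweep then deletes the lapsed grant and produces one notification for the user and one for the Data Controller, while the audit trail records every attempt. Two design points carry over to a real service: check_access tests the expiry itself instead of trusting the cleanup job, and the existence checks in upsert_grant run inside the same transaction as the write, with the database's foreign keys as a second line of defence should the service-side validation ever be bypassed.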