curity and
| Title | EOSC Helpdesk: Architecture and Interoperability Guidelines |
|---|---|
| Pulished version's URI | https://doi.org/10.5281/zenodo.7308617 |
| Revised version links | Pavel has revised the document here and will publish to Zenodo when approved: |
| Link to Metadata | |
| Date Issued to EIAC | 18 November 2022 11:57 |
| Submitted by | Pavel Weber |
| Outcome of EIAC review | Approved |
| Date Issued to EIAB | 15.05.2023 |
| Outcome of EIAB review | Approved at 30.05.2023 meeting |
| On portal? | yes |
Overview
The proposed document has been submitted for inclusion in the EOSC Interoperability Framework,
Comments should be made either on eiac@eoscfuture.eu, where they will be archived for future reference or added to the change log below. Comments posted to other discussion methods will not be included in the review.
Statements of Support/Deny
All members of the EIAC are encouraged to make a statement of support or dissension in consideration of this proposal.
Name | Organisation | Support or Deny | Reason (if denied) |
|---|---|---|---|
| George Papastefanatos | ATHENA RC | Support | |
Diego Scardaci | EGI | Support | |
| Gavin Farrell | EMBL/ELIXIR | Support | |
| Levente Farkas | EGI | Support |
Comment/Change Log
Please fill in any comments or proposed changes below or add them as issues on the github repository.
Number | Current Text | Proposed Text / Query | Commenter | Action by author |
|---|---|---|---|---|
| 1 | GENERAL Comment | Every endorsement request should be accompanied by the inclusion of the IF Profile record as an appendix\link to a spreadsheet etc.. | We agree with the general remark. As for the EOSC Monitoring, this is already with the Athena team. | |
| 2 | Generally speaking I think the document reads well. | Niels van Dijk, SURF | ||
| 3 | In section "8 Adopted Standards" I am missing protocols and standards for authentication. Given that EOSC AAI has developed an architecture for federated AAI to allow access to all services in EOSC, I would assume also supporting services like a help desk will have federated access enabled? Helpdesk Service uses SAML login and 'EOSC AAI Login'. Service Owner to add further details | Niels van Dijk, SURF | SAML2 description added | |
| 4 | The help desk systems are likely to receive, store and exchange personal data. I would therefore have expected some statements on privacy and data protection (or at least pointers to the principles that will be followed or implemented). NB: Service Privacy statement is available here https://eosc-helpdesk.scc.kit.edu/privacy-policy. The document would benefit from contextualising this information, and Service Owner is awaiting information and assistance from the EOSC Data Privacy Group to improve the policy and to create a DPA. Until such time that this is done, service integrations are on hold. | Niels van Dijk, SURF | section 11 added | |
| 5 | The helpdesk may potentially receive sensitive data, which might contain information about, or may impact security of systems operated within EOSC. I would have expected some statements on how the helpdesk support and implements secure communications regarding these types of information, will e.g. "Traffic Light Protocol" be used, will messages be encrypted if needed? Zammad supports S/MIME for security of email communication; the Service Owner will liase with the Security Group led by David Groep. | Niels van Dijk, SURF | Partially answered in section 11, as mentioned helpdesk is a matter of security measures and control by EOSC Security group led by David Groep. | |
| 6 | It is envisioned multiple help desk systems, operated by multiple independent entities will be interacting. How/where is this interaction defined (e.g. a policy for connected systems?), especially in lights of my previous questions regarding privacy and security? | Niels van Dijk, SURF | Section 11. | |
| 7 | It looks like the EOSC helpdesk is the first entry point for all interactions. Does that mean the EOSC helpdesk will take legal responsibility for the processing of personal data for its own and all connected systems under GDPR? DPA is required. Further discusions required to respond to this comment fully. | Niels van Dijk, SURF | Section 11. | |
| 8 | I agree with Niels on all his points. Furthermore, I'm wondering if the EOSC Association as helpdesk operator(?) is planning to act as a legal proxy? In terms of data protection, the service provider or the community would act as a data processor (cf. GDPR, Art. 28). For other aspects of the cooperation, at least some kind of MoU would be appropriate? | Wolfgang Pempe, DFN | We strongly rely on the assessment of further measures to ensure GDPR compliance on EOSC Privacy group. So far we haven't got any proposal from EOSC privacy group to communicate with EOSC Association on this subject as the current proposal of KIT data privacy experts has been accepted without further comments. | |
| 9 | p4: Description …: The EOSC Helpdesk https://eosc-helpdesk.eosc-portal.eu is … . Place URL in the footnote, or within () | Mark van de Sanden (SURF) | done | |
| 10 | p4: Response to Community Need: Reding the section, it feels this section does not correspond to the title of this section. It does not describe the community needs, it is more a description of particular features. Having a section describing the communities is I think good. | Mark van de Sanden (SURF) | The needs of communities are very different, to describe all requirements we collected so far we would need double volume compared to this document. We could shrink the requirements to the major ones but then we would come the list of components on page 5. I have added one sentence to stress the wide range of options available for communities for implementation, I hope that is enough. | |
| 11 | p4: High-level … : typo in reseearch -> research | Mark van de Sanden (SURF) | Done | |
| 12 | p5: Figure 1: From a high level diagram I would like to see initially more a context diagram including the different stakeholders, as a requestor but also providers in the picture, with the interactions from stakeholders with the helpdesk system. A technical diagram of the helpdesk system is also good to have. | Mark van de Sanden (SURF) | I think Mark refers to more C4 Model approach, we have actually discussed and implemented together. We need to discuss it further to see if it fits to this document. In general I observe that people who are contacting me, are not interested in understanding of general technical interaction diagram as they are mostly interested how the helpdesk could facilitate their particular use case. We can't provide the description of each particular use case and to have a generic complex diagram wouldn't help them to understand how it fits to their needs. So that kind of diagram could be useful for discussions on general EOSC architecture, but not here in IG with focus on customers. | |
| 13 | p5: Figure 1: Maybe update the diagram with a diagram from IcePanel. | Mark van de Sanden (SURF) | We could discuss it, if we have appropriate diagram in IcePanel and if we agree with my previous comment. | |
| 14 | p13: In the section of full integration in the table of required information some examples are missing, for example on mapping scheme, ticket note, ticket state. This looks important. On the mapping scheme I can imagine an example is too much information to be put into a cell, maybe add an reference to an annex or section. | Mark van de Sanden (SURF) | Added example for ticket state and ticket priority mapping, the ticket private note requires only answer Yes/No and ensures the synchronization of private notes between helpdesks text<->text the same as public comment, the example of answer is yes or no. | |
| 15 | p13: In the case of the full integration I assume server to server authentication is token based or in another way. But in any case, this is not specified. | Mark van de Sanden (SURF) | we perform the integration based on the credentials of a generic user in the third-party helpdesk, I have added this field to the table. | |
| 16 | Response to Community Need section Could be strengthened to compel users through highlighting the need for the Helpdesk augmentation and solutions it offers over not using it to the end service/resource users. (Flagged in suggested mode in doc comments.) | Gavin Farrell (EMBL/ELIXIR) | ||
| 17 | Examples of solutions implementing this specification section The final section on use cases could consider highlighting why they made their choice of the various intergation options described and also a figure potentially to compare and contrast/highlight the different benefits. This could help inform new potential guideline adopters. (Flagged in suggested mode in doc comments.) | Gavin Farrell (EMBL/ELIXIR) |
3 Comments
Gavin Farrell
Hi Anke Friedrich . I have reviewed 21/03/2023 as requested.
I am in favour of the the guideline. Very clear and understandable. I have made detailed suggestions within the doc and updated any minor grammtaical, spellings.
https://docs.google.com/document/d/1UEoizeWvK49Zcu7ldyVy9gmO5HyDLK54/edit?usp=sharing&ouid=111033859289171622505&rtpof=true&sd=true
I further flagged some consistency considerations and for figures/tables.
Only other key areas to consider updates/further work are:
Anke Friedrich
Hi Gavin Farrell , great work! This is very detailed.
Would you mind putting your support into the second table from top together with the two major points you would like considered.
Thanks a lot
Gavin Farrell
Thanks Anke, have added to the table and I confirming I have edit access all OK.