hicss 2012 presentation

PALMS:A Modern Coevolution of

Community and Computing Using

Policy Driven Development

HICSS 2012

Maui, HI

January 5, 2012

Barry Demchak

1

Motivation

???

2

Study

Repository

Visualization

Repository

Calculation

Repository

Observation and Solution

PI

Study

Study

Study

PI

Study

Study

PIStudy

PALMS

StudyStudyStudy

Study

StudyStudy

PI PI

PI

Community

• Policy-driven access control

– Subject data

– Study data

– Calculations

– Visualizations

• Secure

• HIPAA Compliance

• Customized Studies

• Collaboration

• Data Reuse

Browser

Excel,

Matlab…

Personal Activity Location

Measurement System• Understanding where activity-

related energy expenditure

occurs in time and space

3

• Common Research Interests– Geospatial activity data based on wearable devices

– Activity classification based on trips

– Engineering better health

• Common Problems– Safe and secure data storage

– Trip and activity classification algorithms

– Transfer of analysis to visualization

– Funding

• The PALMS Strategy– Build it and they will come?

Community Drivers

4

Roadmap

• Approach to PALMS Community development

• PALMS technical requirements

• Rationale for Policy Driven Design

• Mechanics of Policy Driven Design

• Example of policy injection and policies

• Feature injection

5

Emerging PALMS Community

• Engagement

– 20+ groups internationally (mostly non-NSF/NIH)

– Advisory Board and online surveys (SurveyMonkey)

– Early adopters

– Existing networks (GPSHRN, ALR, IPEN) – newsletters and co-grants

– 1st Annual International PALMS User Conference

• Lowering Barriers to Entry

– Introduction and instruction video

– User documentation

– IRB and grant language

– Scientific validity – validated algorithms

– Revenue model

– Preloading data & PALMSCom

• Incremental scaling

– Distributed models (calculation execution, data storage, server, authorship)

– File Sharing (concentric rings) & social networks

6

The Technical Requirement

• Technical Requirements

– Support research workflows

– Security and privacy

– High reliability and availability

– Scalability (bandwidth/storage/users)

– Auditability

– Provenance and curation

• Key Insights

– All stakeholders must have requirements met, or CI degrades

– Existing development models have long latencies

– Requirements are often lost in translation

– Success of CI depends on

– Accurate, timely, and continuous requirement elicitation

– Precise requirement formulation

– Low implementation latency

– Automatic requirement composition

7


• Goals

– Enable rapid customization

– Empower stakeholders to directly define behavior

• Service Oriented Architecture (Rich Services)

– Services loosely coupled

– Late binding

– Scalability

– Testable

– Interoperable

– Incremental development

– Composition

– Services can be hierarchically decomposed

8


• Goals





– Service interactions can be intercepted


Producer Database

OK

StoreData(xxx)

Tim

e

9

Access Control

Producer Database

Message Bus

Sto

reD

ata

(xxx)

OK


• Goals





– Service interactions can be intercepted


Event

LoggerPolicy

Service/

Data

Connector

Community

Calculation

Repository

PALMS Service

Service/

Data

Connector

Device

Repository

Calculation

Repository

Study Repository

Observation

Repository

Subject

Repository

Failure Detection/

Mitigation

Result

Repository

Community

Device

Repository

Event

LoggerPolicy

Failure Detection/

Mitigation

Browser User Interface

10

Study

Repository

Visualization

Engine

CalculationEngine

PALMS

StudyStudyStudy

Study

StudyStudy

PI

RA

Enter

Subjects

Enter

Observations

Guest

Real Workflows

11

Study

Repository

Visualization

Engine

Calculation

Engine

PALMS

StudyStudyStudy

Study

StudyStudy

PI

RA

Guest

Policy

Policy

Admin

Policy in Action

Policy (def.): Permission

for someone to act on

something

12


• Goals




• Workflows as service compositions

User

Interface

Device

Repository

GetList(userID)

DeviceID[]

Show Devices Screen

GetDevice List

Show Device List

UI UIPALMS

13

A Workflow and Policy Case Study

Filter by Role

User

Interface

Device

Repository

Policy: Reject

Role(userID)PI

GetList(userID)

DeviceID[]

Err: Reject

… or ...{

Allow only PIs

Show Devices Screen

GetDevice List

Show Device List

UI UIPALMS

User

Interface

Device

Repository

Policy: Filter Device Recordsby Role(userID)

GetList(userID)

DeviceID[]

14


• Goals





• Policy injection

– Policy evaluation

– Domain Specific Language (DSLs)

User

Interface

Device

Repository

Policy

Engine

GetList(userID)

GetList(userID)

DeviceID[]DeviceID[]'

Policy: Reject

Role(userID)PIErr: RejectEvent

LoggerPolicy

Service/

Data

Connector

Community

Calculation

Repository

PALMS Service

Failure Detection/

Mitigation

Community

Device

Repository


15


• Goals






– Policy evaluation

– Domain Specific Language (DSLs)

if ($UserID = '/O=caBIG/CN=bdemchak')

then () (: execute normal flow :)

else return 'Err:Reject'

if (palms:subject-in-study-role('PI')

then () (: execute normal flow :)

else return 'Err:Reject'

DeviceListPolicy.templateReference = DeviceListTemplate

DeviceListPolicy.templateParameter.RoleList = PI

16


• Goals






• Feature injection

– Policy System

– Auditing

– Provenance

Event

LoggerPolicy

Service/

Data

Connector

Community

Calculation

Repository

PALMS Service

Failure Detection/

Mitigation

Community

Device

Repository


Policy Engine

Policy Repository

Policy UI

Event Acquisition

Event Repository

Audit UI

17

Success!

Event

LoggerPolicy

Service/

Data

Connector

Community

Calculation

Repository

PALMS Service

Failure Detection/

Mitigation

Community

Device

Repository


18

Questions?

19

Service Orientation

Decomposition

Interception

Policy Injection Feature Composition

SPSS

ESRI

GPS Device

Accelerometer

Others

PALMS

Study StudyStudy

Study

Filtering Filtering Filtering

Scoring

Analyzing

Scoring Scoring

Analyzing Analyzing

External

Data

Subject

DataRaw Data

Others

...

...

Google Maps Viewer Other Local Viewer

Data Flow (CI)

20

Rich Services

21

Messenger

Router/Interceptor

Policy

Se

rvic

e/D

ata

Co

nn

ecto

r

Messenger

Router/Interceptor

Failure

Manager

...

<<Rich Service>> S

Se

rvic

e/D

ata

Co

nn

ecto

r

...

<<Rich Service>> S.n

Service/Data

Connector }<<

Rich

Infrastructure

Services

>>Encryption

Service/Data

Connector

Logging

Service/Data

Connector

Failure Manager

Service/Data

Connector

...

Service/Data

Connector

S.1

Service/Data

Connector

S.2

Service/Data

Connector

}<<

Rich

Application

Services>>

S.n.2

Service/Data

Connector

S.n.m

Service/Data

Connector

}

<<

Rich

Application

Services

>>

S.n.1

Service/Data

Connector

Service/Data

Connector

Logging

Service/Data

Connector

Encryption

Service/Data

Connector

Policy ...

Service/Data

ConnectorService/Data

Connector

<<

Rich

Infrastructure

Services

>>}

From tightly to l o o s e l y coupled systems

Rich Service Blueprint

22

Event LoggerAccess

Policies

PALMS Integration System

Integration

Adapter

Data

Repository

HIPAA

Policies

Service/

Data

ConnectorViewer

Viewer

Adapter

Consumer Systems

Service/

Data

ConnectorSensor

AdapterSensor

Producer Systems

Subject

Repository

Service/

Data

ConnectorAuthoring

Calculation

Repository

Calculation Systems

ExecutionPrototyping

Failure Detection/

Mitigation

Logical Architecture

23

Rich Services Virtual Network

Rich Services

RAS4

Services

Service S1

Roles

U1

U2

U3

U4

U5

Use Case Graph

ConcernsC1 C2 C3

C4CC1

CC2CC3

Domain Model

R1 R2

R3 R4

R5 R6

R1 R2

msg

R3

CC1

CC2

Role Domain Model

R1 R2

R3 R4

R5 R6

CC1 CC2 CC3

Router/Interceptor

Messenger/Communicator

RAS1 RAS2

CC1 CC4 CC5

Router/Interceptor

Messenger/Communicator

RAS5 RAS6RAS3

S

/

D

S

/

D

RIS:

RIS:

Se

rvic

e E

lic

ita

tio

nR

ich

Se

rvic

e A

rch

ite

ctu

re

RAS7

System of Systems Topology

H1 H2

H3

H5

H6

H7

H8

H9H4

RAS1 RAS2 RAS3

RAS5 RAS6 RAS7

Infrastructure Mapping

H1:RAS1 H2:RAS2

H3:CC1

H5:RAS2

H6:RAS5

H7:RAS7H8:RAS7

H9:RAS6

H4:RAS3

Op

tim

iza

tio

n

Implementation

RAS1 RAS2

RAS3 RAS4

RAS5 RAS6

RAS7 CC1

CC2 CC3

CC4 CC5

An

aly

sis

Syn

the

sis

An

aly

sis

Ide

ntifica

tio

n

De

fin

itio

n

Co

nso

lida

tio

n

Refinement

Hierarchic

compositionRefinement

Logical Model

Sy

ste

m A

rch

ite

ctu

re

De

fin

itio

n

Logical Architecture Loop

Deployment Loop

Rich Service Development Process

24

Yesterday Today

Device A Device B Device C Subjects

Calculation 1

Result 1

• Calculations are complex (includes tagging, hides

intermediate results)

• Results can’t be used in

calculations


Calculation 2

Result 3

Tagging

B

Tagging

C

Tagging

Subj

Tagging

A

Tagged

A

Tagged

B

Tagged

C

Tagged

Subj

Calculation 3

Result 2

• Finer grained calculations easier

to write and reuse

• Intermediate results can be

reused

• Results can be fed to calculations

Flexible Networks

25

Provenance

Device B Device C Subjects Calculation 1

Result 1

Today Tomorrow

Solution: Provenance

Tracking which calculations and

data contributed to a result

What went into Result1?


Calculation 2

Result 3

Tagging

B

Tagging

C

Tagging

Subj

Tagging

A

Tagged

A

Tagged

B

Tagged

C

Tagged

Subj

Calculation 3 Result 2

What went into Result3?

26

Spectrum of Sharing1

Trust Publish Interaction Quality Privacy Enablers

No one Nothing No one - - -

Friends &

Family

Subsets/

derivatives

Word of

mouth

Person to

person

Handshake

promise

None

Community ″ Conference

booths/

papers

Curation2 De-ident &

agreement

Auto de-ident,

Agreement

template3,4

Public ″ Repository/

registry

Taxonomies/

semantics

″ ″

1 C. Fennema-Notestine. Enabling Public Data Sharing: Encouraging Scientific Discovery and Education2 Strong metadata, use common ontological framework, collection conditions & semantics, validated calculation &

visualization 3 Suggested IRB or HIPAA wording4 Promise to not re-identify, use data at own risk, no quality guarantees, properly acknowledge data source

27

PALMSCom Mutual Support

UCSD PALMS

Support Team

User 1

User 2 User 3

User 4 User 5

28

PALMSCom Example

29

Deployment

Web Browser

(UI)

PALMS

Service

GWT RPC

Mule Messaging

Browser

Proxy (UI)

PALMS

Subservices

CXF Web ServicesMule Messaging

CXF Web Services GWT RPC

PALMS Server VM

PC Browser PALMS Server Machine

JAVA (GWT) JAVA (Mule ESB)

30

hicss 2012 presentation

Software