gms | German Medical Science

Introduction A team of the department of Medical Informatics Göttingen will create a collaborative infrastructure for biomedical research. The aim is to establish a grid-based environment for the exchange and management of data in the manner of long-term digital preservation [1]. The data-sharing of biomedical research data like imaging data and genomic data in long-term preservation context is important to achieve finances and times advantages. The used computing-infrastructure is D-Grid [2]. A possible solution in the biomedical community for grid-based data transfer is Globus-Online [3].

Test Setup: Globus-Online is an web application for transferring data between two storage points. The endpoints are data destination and data source. Users of Globus-Online can use a local file system or a resource with grid-FTP as endpoints. For testing purposes, four publicly accessible grid-sides of D-Grid were defined as endpoints. The only prerequisite to create a server as an endpoint is that these instances must provide a grid-FTP-server.

Usage of local devices as endpoints: A technical prerequisite is to use a mobile device e.g. laptop as an endpoint. Globus-Online provides a software called Globus-Connect which enables a grid-ftp client and provides data transfer from local machine to endpoint or to fetch data from endpoint to local machine. Since once Globus-Connect is a client, the other endpoint has to implement a grid-FTP server.

Issues of endpoint security: To transfer data from or to an endpoint, the respective point must be explicitly activated by an authorized user. Using D-Grid sites, a X.509 user certificate is required. The user get then access to folder structure of the endpoint in the web-interface and can navigate within the file system. To protect non-public data, Globus-Online implements the access rights of the underlying file system. One benefit of Globus-Online is the reliable file transfer based on control server of Globus-Online in the US. This does not conflict with data protection laws then only the data flow control is handled by Globus-Online. In this project pseudonymized data will be transferred; thus, encryption is necessary.

Barriers by German data protection law: The German data protection law regulates the handling and transmission of identifying or personal data. Article in law 4c of the Federal Data Protection Act [4] states exceptions to the legitimate transmission of such data. As a result, the traffic within the common network, not only for the transmission of identifying data, is reduced to a minimum of external connections. In this context, it should be noted that is impossible to access endpoints if local machines are protected by a firewall and the necessary port ranges are blocked. This generally is the case in medical research environments because hospitals handle personal data and, therefore highest standards have to be implemented.

Conclusion: Globus-Online can be used to transfer data from endpoints reliably. It is an important decision whether to be make an endpoint public or not because of the file system rights-based access-control. Nonetheless, the regulations in clinical environments contribute a restriction that directly influences the research data transfer for the respective user group.

This publication was supported by the project LABIMI/ F, funded by the German Research Foundation (DFG).