Showing 6 changed files with 158 additions and 0 deletions.
19 changes: 19 additions & 0 deletions
...nts/wg_workshops/2024-06-05-june-meeting/wg-citizen-agency-extending-control.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Working Group: Citizen Agency & Extending control | ||
|
||
Chair: Pete Barnsley | ||
|
||
## Notes | ||
|
||
**Focussed on Citizen Agency topic** | ||
|
||
- There is a forthcoming Research Equity initiative working with Oxford in partnership. | ||
- People need to be an active partners. Representativeness is needed. | ||
- Data space needs to be more in the spotlight for equity as it is not been a focus really. | ||
- _Rebel Health_: a book (released ~Feb 2024) about people's fight to get access to data to help their health: https://susannahfox.com/rebel-health/ | ||
- To identify people that represent the four types of person so all types of folk are represented. Also who are most likely to gain and so get more connection to wider public. | ||
- We want more people to see how the social contract is a key part of the role of "TRE / SDEs" and the research they support. | ||
- From the ability to provide a "lay summary" of the research project to recognising the voice of the "owner" of the data in deciding what and who can use their data. | ||
- Involving people in bodies is one approach of getting voices heard, e.g. PIER - Patient Involved Enhancing Research | ||
- A one pager to send to them, to help bring people into the WG. | ||
- Talked about the services connecting people and the research using their data. | ||
- Bio Resource: https://bioresource.nihr.ac.uk/participants/bioresource-portal/ |
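Review bot: The bullet beginning "To identify people that represent the four types of person" refers to "the four types of person" without naming them or linking to where they are defined, so a reader who was not in the session cannot follow it; name the four types or link the source. Two grammar slips should also be fixed before merge: "People need to be an active partners" and "as it is not been a focus really". The two URLs are bare, while wg-glossary.md in the same commit uses Markdown link text; pick one style.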
47 changes: 47 additions & 0 deletions
docs/events/wg_workshops/2024-06-05-june-meeting/wg-cybersecurity-risks.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Working Group: Cybersecurity Risks | ||
|
||
Chair: Donald Scobbie EPCC | ||
|
||
## Notes | ||
|
||
- Review of group focus | ||
- Use of containers for code import | ||
- Canon SHAIP (Safe Haven AI Platform) uses containers for ingress. Harbor private registry. Also Win11/RStudio desktop with approval process for import | ||
- GitLab/Docker | ||
- Container assessment processes & tools | ||
- Want to build sample breakout containers to verify environment is safe for containers | ||
- Can we engage with Purple Teams? | ||
- Focus on TRE safety over container safety. We run routine standard tests + external pen tests | ||
- IG teams still expect confidence in imported software, even if outputs give false confidence or highlight CVEs that can't be fixed whilst maintaining reproducibility | ||
- Looking at Trivy in both Harbor and in CI | ||
- Static analysis / code reviews outside TRE before import | ||
- WG practices | ||
- Want to build documentation & knowledge base | ||
- Platform tooling? Read the docs / GitHub wikis | ||
- CyberSec Feedback Capture | ||
- Want to solicit (high-level) feedback from groups | ||
- GitHub issues. Possibly anonymously so as not to discourage contributions. Also via direct email as a proxy | ||
- WG chairs to email TRE mailing list to request feedback & report back | ||
- Who can submit Pull Requests? No objections to be publicly open | ||
- Initial tasks | ||
- EPCC setting up example Trivy CI, configuration | ||
- Can we create a GitHub project as a TRE project template? | ||
- GitHub processes | ||
- Socket (https://socket.dev/) paid-for service for code analysis | ||
- Built-in GitHub tooling (Links in Slack channel) | ||
- How to structure outputs from analysis tools for consumption by IG staff? | ||
- Challenge: How to scale scanning of large containers? | ||
- Starts to look similar to importing VM images | ||
- Increases workload on IG team | ||
- SBOM provision is not a panacea | ||
- Detailed package and dependency analysis is not an SBOM output: | ||
|
||
To finish the sentence before we warped out, the general consensus was that no-one could provide SBOMs. Not Oracle. Not anyone. So self-declared researchers declaring dependencies is not going to work IMHO. | ||
|
||
## Summary | ||
|
||
Example tooling is welcome. | ||
|
||
Shortcoming of code assessment tools, scope and quality is a challenge. | ||
|
||
Communication of any technical assessment process outputs to non-technical IG teams will be difficult. |
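Review bot: The bullet "Detailed package and dependency analysis is not an SBOM output:" ends in a colon and is followed by an unattributed first-person paragraph ("To finish the sentence before we warped out ... IMHO") that reads like a pasted chat message. Either attribute it as a quote from a named participant or rewrite it as a neutral notes bullet, and state which kind of analysis is meant. "Built-in GitHub tooling (Links in Slack channel)" sends readers to a channel they may not be able to see; put the links in the file. Under Summary, "Shortcoming of code assessment tools, scope and quality is a challenge" would be clearer as "Shortcomings in the scope and quality of code assessment tools are a challenge".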
13 changes: 13 additions & 0 deletions
docs/events/wg_workshops/2024-06-05-june-meeting/wg-funding-sustainability.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Working Group: Funding and Sustainability | ||
|
||
Chair: Lisa Scerri | ||
|
||
## Notes | ||
|
||
- The aim of the working group today was to finalise the finance survey that will be shortly sent out to UK TRE Community members. | ||
- There was a discussion regarding question 16 What (services) do you charge for? And the inclusion of the option "The Data" which was felt, by an NHS member, to be inappropriate and possibly upsetting for patients. It was decided to add a caveat so that this option is for non-NHS only. | ||
- A member suggested that we add feasibility checks as an option as his organisation will charge, up front, for feasibility checks that require a significant amount of effort, such as the use of NLP. It was agreed to add this. | ||
- Another member suggested that we add "governance processes" as an option due to the length of time and effort that data access processes can cause for the TRE provider. It was agreed to add an operational/governance processes option. | ||
- The survey was signed off and will be sent out June 7th. | ||
- The date of the next meeting was not discussed but will depend on the response rate. | ||
- The Chair will contact the group to for help with the analysis once data collection is complete. |
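Review bot: The last bullet has a stray word in "The Chair will contact the group to for help with the analysis"; drop "to". In the second bullet the survey question runs into the surrounding sentence; quote it, for example question 16 "What (services) do you charge for?", so it is clear where the question ends. "June 7th" should carry the year, since these notes will be read well after the meeting.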
21 changes: 21 additions & 0 deletions
docs/events/wg_workshops/2024-06-05-june-meeting/wg-glossary.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Working Group: Glossary | ||
|
||
## Charter | ||
|
||
[Link to charter](https://docs.google.com/document/d/1lzn3QzjObJxaWW-mSBGSuJceiWq1vZK_FSEy7DVF6q8/) | ||
|
||
## Meetings | ||
|
||
- Twice monthly online meetings until editorial process and initial Glossary created (for September TRE Community Meeting) | ||
|
||
### Possible useful resources | ||
|
||
- [Working Groups Governance Process](https://uk-tre.github.io/hugo-website/about/governance/working-groups/) | ||
- [The Newcastle Commitment (the community foundational document)](https://www.uktre.org/en/latest/newcastle-commitment/index.html) | ||
- [Reproducible project template for GitHub](https://github.com/alan-turing-institute/reproducible-project-template) | ||
- Turing Way guides | ||
- [Open Research](https://the-turing-way.netlify.app/reproducible-research/open) | ||
- [Project Design](https://the-turing-way.netlify.app/project-design/project-design) | ||
- [Community coworking calls](https://the-turing-way.netlify.app/community-handbook/coworking) | ||
- [Stakeholder engagement](https://the-turing-way.netlify.app/collaboration/stakeholder-engagement) | ||
- [TRE Users report](https://zenodo.org/records/10066800) |
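Review bot: This file has no "Chair:" line and no "## Notes" section, unlike the other working group files in this commit; add them, or say explicitly that no notes were taken. "### Possible useful resources" is nested under "## Meetings" although the resources are not about meetings; make it a "##" heading. The two governance links use different hosts (uk-tre.github.io/hugo-website and www.uktre.org); confirm both are the intended URLs.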
45 changes: 45 additions & 0 deletions
docs/events/wg_workshops/2024-06-05-june-meeting/wg-satre.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
# Working Group: SATRE | ||
|
||
Chair: Simon Li | ||
|
||
## Notes | ||
|
||
UK TRE WG: https://www.uktre.org/en/latest/structure/satre.html | ||
|
||
Charter for review: https://docs.google.com/document/d/1ugd32Ki0ssZu42AWWoChE-Tb_sKggM3sfs-4ZzcYoBk/ | ||
|
||
- Meeting cadence: how often, and how long each time? | ||
- Who else wants to co-chair? | ||
- Who wants to be a named participant? | ||
|
||
What should the WG aim to do? | ||
|
||
Governance of this working group | ||
|
||
- Should co-chairs be elected? | ||
- Be ready for when funding arrives | ||
- May open up parent institutional funding | ||
|
||
Participants: | ||
|
||
- Don't have to do loads of work on SATRE, can also be about promoting or acting as a go-between | ||
|
||
Activities: | ||
|
||
- Gap between statements and guidance... coming back to more technical guidance | ||
- How can we make it easier to translate SATRE into a real TRE? | ||
- Make more "human" to people, so it can be used as advice, e.g. saying "how" something was done, not just that it was done | ||
- Use SATRE to support delivery of actual TREs | ||
- What level though? | ||
- Reference implementations of SATRE | ||
- Effort required to gain formal accreditation. ISO? Who can contribute? | ||
- Given that ISO is an internationally recognised standards body, gaining recognition as an ISO standard (https://www.iso.org/about) might be worth exploring to gain widespread SATRE accreditation. This is their front door to developing standards: https://www.iso.org/developing-standards.html | ||
- NHSE accreditation process, oriented at sub-national. | ||
- Submit a paper before applying to show impact it's had | ||
- Evaluation of initial specification, mature in some areas | ||
|
||
Is a cloud agnostic TRE possible? | ||
|
||
- https://github.com/lsc-sde/lsc-sde/discussions/55#discussioncomment-9367598 | ||
- https://kasmweb.com/docs/latest/guide/compute/servers.html | ||
- https://github.com/MHRA/cprd-oss-tre |
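Review bot: "What should the WG aim to do?" is followed directly by "Governance of this working group" with nothing recorded under it; add the discussion or drop the line. The section labels ("Governance of this working group", "Participants:", "Activities:", "Is a cloud agnostic TRE possible?") are plain paragraphs; make them "###" headings so they appear in the page outline. The three links at the end are bare URLs with no indication of why each is relevant; add a short description to each.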