Negotiator, an open-source access management solution featuring a customizable workflow engine, along with messaging, notifications and moderation support.
This project aims to develop an extensively customizable access management system designed to efficiently structure and streamline the process of resource access requests within multinational research infrastructures.
Negotiator is currently used for mediating access to biological data and samples in BBMRI-ERIC. Using one of BBMRI-ERIC discovery services such as the Directory or the GBA SampleLocator researchers can browse and locate collections of bio specimens, and then request access via BBMRI-ERIC Negotiator by filling out a request form and then following individual steps of the Negotiation lifecycle. Reference UI implementation for BBMRI can be found in this repository. Documentation for the new REST API can be found here. An older version of this service can be found in this repository.
- Resource: Any resource/entity that is listed in an external discovery service, and has a unique and persistent identifier. (e.g., collection of biological samples, research service, specialized treatment...)
- Request: A depiction of a query from a data discovery service specifying the resource/resources of interest and filtering criteria used to find them in the discovery service.
- Negotiation: An access application consisting of one or multiple requests that is linked to an authenticated user.
- Representative: A physical person responsible for mediating access to a resource in their jurisdiction.
Using an external discovery service connected to the Negotiator, the user identifies resources they are interested in getting access to, and passes them as a Request to the Negotiator. Once authenticated, the user then fills out a resource-specific access form and submits the request for review. Once the request is approved by an administrator, it becomes a Negotiation where resource representatives, moderators and the requester can interact with it.
Negotiator application can also be spun up using the provided Docker image. To run the application with a mock authorization server using the OAuth2 protocol, see this docker compose file.
To create a request and start the access workflow, run the following curl command:
curl --location 'http://localhost:8080/api/v3/requests' \
--header 'Content-Type: application/json' \
--data '{
"url": "https://bbmritestnn.gcc.rug.nl",
"humanReadable": "#1: No filters used.\r\n#2: No filters used.",
"resources": [{
"id": "bbmri-eric:ID:CZ_MMCI:collection:LTS"
}]
}'
For contributing, please read our contribution guidelines.
- Java 17
- Maven
- Spring
- Docker engine
mvn clean spring-boot:test-run -Dspring-boot.run.profiles=dev
IN the development mode the application spins up a Docker container with a PostgreSQL relational database.
The Default credentials are: negotiator:negotiator
jdbc:postgresql://localhost:5432/negotiator
Documentation for individual components:
- REST API
- Workflow engine
- Notification service
- External services interface
- Database migration
- Logging policy
Copyright 2020-2024 BBMRI-ERIC.
Licensed under GNU Affero General Public License v3.0 (the "License"); you may not use this file except in compliance with the License.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.