From f53d7b76f1a8e32948239d2cf7143747781f5284 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Tue, 12 Jan 2021 18:49:04 +0100 Subject: [PATCH 1/3] condense concepts --- source/concepts/what.rst | 104 ----------------------- source/index.rst | 10 +-- source/overview.rst | 78 +++++++++++++++++ source/{organizational => }/security.rst | 7 +- 4 files changed, 83 insertions(+), 116 deletions(-) delete mode 100644 source/concepts/what.rst create mode 100644 source/overview.rst rename source/{organizational => }/security.rst (97%) diff --git a/source/concepts/what.rst b/source/concepts/what.rst deleted file mode 100644 index e41136a..0000000 --- a/source/concepts/what.rst +++ /dev/null 
@@ -1,104 +0,0 @@ -What is this? -============= - -Castellum is a subject database system developed at the Max Planck Society. - -Goals ------ - -- GDPR compliant data protection and security -- Flexibility so it can be used in different institutes - -Classification --------------- - -You can think of many kinds of scientific databases that handle personal -information. What Castellum is: - -recruting database - contains some data about (potential) test subjects that allows you to - find out which ones you should contact for your next study - -contact database - a central list of contact information shared by all other databases - - by having this in a central place, contact information can be updated - for all studies at the same time. - - by having this in a central place, the other databases can work with - pseudonyms instead. - -pseudonym service - used to store relations between the different datasets - -What Castellum is not: - -study database - contains all data that is collected during a study - - only the researchers that are involved with the study have access to - the data - -study archive - contains data from past studies that is relevant for scientific - reasons, e.g. reproducibility - -research archive - contains data that has been collected during one study, but may be - reused in another one - - reusing data saves time for both the researcher and the test subject - - examples include image archives and biobanks - -How do we decide what to integrate? ------------------------------------ - -An underlying question when implementing a new feature for Castellum is about -the intended level of software integration. Some workflows need to be deeply -integrated with contact management. Other workflows should be kept completely -separated. Furthermore, we also want to highlight the possibility to completely -reject a feature. - -A good example for a deep integration in Castellum is recruitment, which is -centered around communication with subjects. 
- -An example to show the opposite is research data. It should not be stored -inside Castellum. Note that there is no need for a streamlined, integrated UI -because research data is (or at least could be) handled by completely different -staff than contact data and recruitment. - -.. note:: - There are only two notable exceptions to this rule: Study participations and - search attributes both contain traces of research data, but are required for - the recruitment process. - -We often found it difficult to decide on levels of integration. Therefore, we -want to provide some guidelines that should be considered before adding a new -feature to Castellum: - -* Can the feature be decoupled from communication with subjects? We found this - to be a good starting point to remind us on the main focus of a tool for - recruitment. - -* Would the new feature introduce different staff members (user groups) - who would use Castellum only for this reason? For example, we decided against - integrating a *public relations view* on current studies as it would have - introduced staff members who actually are not allowed to access subject data. - -* Are there well established processes or tools that do not need to be - replaced? Examples might include calendars or room management. - -* Are there established protocols to interface with the existing services - instead of reimplementing it? For example, Castellum supports authentication - via a central LDAP service. - -* Is it acceptable for users to integrate with external processes manually? For - example, a pseudonym generated by Castellum would usually be entered into a - MRI device by hand. - -* Is the feature preventing us from addressing the various needs of different - research institutes? - -Rather than applying these questions as strict rules we try to balance them -within the process of reaching a decision. diff --git a/source/index.rst b/source/index.rst index 0c3dd80..5d6b824 100644 --- a/source/index.rst 
+++ b/source/index.rst @@ -8,9 +8,9 @@ Welcome to castellum-docs's documentation! .. toctree:: :maxdepth: 2 - :caption: Concepts - concepts/what.rst + overview + security .. toctree:: :maxdepth: 2 @@ -21,12 +21,6 @@ Welcome to castellum-docs's documentation! workflows/deleting workflows/subject-management -.. toctree:: - :maxdepth: 2 - :caption: Organizational - - organizational/security - Indices and tables ================== diff --git a/source/overview.rst b/source/overview.rst new file mode 100644 index 0000000..6d13d1e --- /dev/null +++ b/source/overview.rst 
@@ -0,0 +1,78 @@ +Overview +======== + +Castellum is a subject database system developed at the Max Planck Society. +Its main goals are: + +- GDPR compliant data protection and security +- Flexibility so it can be used in different institutes + +You can think of many kinds of scientific databases that handle personal +information. Castellum can cover some, but not all of these use cases. + +What Castellum is +----------------- + +subject history + a central place to collect references to all data related to a subject, + e.g. so it can be deleted on demand + +contact database + a central place to collect contact information + + by having this in a central place, contact information can be updated + for all studies in a single step + + by having this in a central place, the other databases can work with + pseudonyms instead + +recruting database + allows you to find potential subjects from an existing pool + +appointment management + make appointments for test sessions + +What Castellum is not +--------------------- + +Castellum itself is not meant to store any scientific data. It only stores +information about which studes a subject has participated in as well as the +corresponding pseudonyms. + +.. note:: + There are only two notable exceptions to this rule: Study participations and + search attributes both contain traces of research data, but are required for + the recruitment process. + + +Which features get integrated? +------------------------------ + +We often found it difficult to decide on levels of integration. Therefore, we +want to provide some guidelines for future developers that should be considered +before adding a new feature to Castellum: + +* Can the feature be decoupled from communication with subjects? For example we + decided to integrate recruitment because it cannot be decoupled. + +* Would the new feature introduce different staff members (user groups) + who would use Castellum only for this reason? 
For example, we decided against + integrating a *public relations view* on current studies as it would have + introduced staff members who actually are not allowed to access subject data. + +* Are there well established processes or tools that do not need to be + replaced? Examples might include calendars or room management. + +* Are there established protocols to interface with the existing services + instead of reimplementing them? For example, Castellum supports + authentication via a central LDAP service. + +* Is it acceptable for users to integrate with external processes manually? For + example, a pseudonym generated by Castellum would usually be entered into a + MRI device by hand. + +* Is the feature preventing us from addressing the various needs of different + research institutes? + +Rather than applying these questions as strict rules we try to balance them +within the process of reaching a decision. diff --git a/source/organizational/security.rst b/source/security.rst similarity index 97% rename from source/organizational/security.rst rename to source/security.rst index 42c90d7..c1838f9 100644 --- a/source/organizational/security.rst +++ b/source/security.rst @@ -1,5 +1,5 @@ -Security model -============== +Security +======== The main purpose of castellum is to handle data of test subjects. It is important to be able to read and write this data in various ways. We are @@ -31,7 +31,6 @@ needs. Note that the django framework automatically generates a lot of permissions. Only a few of them are actually used. The full list is: - - ``studies.approve_study`` - ``studies.view_study`` - ``studies.change_study`` @@ -99,5 +98,5 @@ point of entry. Monitoring ---------- -In order to allow detecting suspicious behavior, critical actions such as +In order to allow analysing suspicious behavior, critical actions such as search, deletion, or login attempts are logged to a separate log file. -- GitLab 
From f5c426aa1fd6a35b02765672513ef4f60c8f8578 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Wed, 13 Jan 2021 11:55:35 +0100 Subject: [PATCH 2/3] typo --- source/overview.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/overview.rst b/source/overview.rst index 6d13d1e..e0ada15 100644 --- a/source/overview.rst +++ b/source/overview.rst @@ -36,7 +36,7 @@ What Castellum is not --------------------- Castellum itself is not meant to store any scientific data. It only stores -information about which studes a subject has participated in as well as the +information about which studies a subject has participated in as well as the corresponding pseudonyms. .. note:: -- GitLab From 4b70b709c2a3b5b5313a3069ef826cf73b21742b Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Wed, 13 Jan 2021 11:55:40 +0100 Subject: [PATCH 3/3] be more specific about recruitment database --- source/overview.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/overview.rst b/source/overview.rst index e0ada15..cb3acad 100644 --- a/source/overview.rst +++ b/source/overview.rst @@ -27,7 +27,8 @@ contact database pseudonyms instead recruting database - allows you to find potential subjects from an existing pool + allows you to find potential subjects from an existing pool using study + specific filters appointment management make appointments for test sessions -- GitLab
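Review bot: In PATCH 1/3, the rename of source/organizational/security.rst to source/security.rst and the deletion of source/concepts/what.rst change the published paths of both pages, and nothing in the series covers existing links to the old locations. If the rendered documentation is linked from elsewhere, consider adding a redirect or a note in the changelog. In source/index.rst (@@ -8,9 +8,9 @@) the first toctree also loses its ":caption: Concepts" line without a replacement, while the following toctree keeps its caption, so the sidebar grouping becomes inconsistent.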
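Review bot: In the new source/overview.rst (PATCH 1/3), the "What Castellum is" list drops the "pseudonym service" entry that the deleted source/concepts/what.rst carried ("used to store relations between the different datasets"). The same file still says Castellum stores "the corresponding pseudonyms", mentions "a pseudonym generated by Castellum", and justifies the contact database by letting other databases "work with pseudonyms instead". Suggest keeping a pseudonym service entry in the list so the component that links pseudonyms to subjects stays documented next to the data protection goals.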
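Review bot: In source/security.rst at @@ -31,7 +31,6 @@ (PATCH 1/3), the single removed line appears to be the blank line between "The full list is:" and the first item "- ``studies.approve_study``". reStructuredText requires a blank line between a paragraph and a following bullet list; without it the items are parsed as a continuation of the paragraph and the permission list renders as running text. Suggest restoring the blank line and checking the built page.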
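Review bot: In the Monitoring paragraph of source/security.rst (@@ -99,5 +98,5 @@, PATCH 1/3), replacing "detecting" with "analysing" changes what the documentation promises: the separate log file now reads as material for after-the-fact review rather than as a means of noticing suspicious behavior. If that is the intent, the commit message should say so and the paragraph should state who reviews the log and when; if detection is still a goal, keep the original wording. The new word also mixes British "analysing" with American "behavior" in the same sentence.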
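Review bot: In PATCH 3/3 (source/overview.rst, @@ -27,7 +27,8 @@), the definition term "recruting database" on the context line directly above the changed text is misspelled, and PATCH 2/3 fixes "studes" in the same file but leaves this one. Since this hunk already rewrites that entry, correct the term here, for example to "recruitment database" to match the commit subject. The added text "study specific filters" should also be hyphenated as "study-specific filters".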