What does access restriction look like for a scaled up cloud-accessible lab?

[sgbaird]

For example, do you allow anyone to request experiments and do a simple FIFO queue, as demo'd in the no-authentication MQTT example? This can easily lead to abuse of the system which in turn causes poor utilization of resources and/or inaccessibility (i.e. lock-up of the system).

Related:

• How can data be securely transferred? #84
• Encrypting micropython credentials (e.g., WiFi, API keys) #226

Do you use an access model like SLURM, where users are onboarded and then assigned priority which changes as a function of user type and how many and how recently resources have been used?

Or, do you use a pricing model, where users pay for experiments? Does this pricing model distinguish between non-commercial and commercial activities?

Some other models to consider:

• Writing mini-grant proposals to get ultra-high-quality XRD time at a synchrotron (is this at Argonne?). Mail-in service and automated after that (data gets sent to you).
• Citrine informatics - free use for academics, paid use by industry, requires terms of service. We can see how to interact with their system, but we don't see how the system is set up on the backend. We can ask, of course. EDIT: @james-saal mentioned that the platform I mentioned is retired but still usable based on a simple check I did and that the most recent model currently is a paid license for all parties.
• DALLE-2 model. Some combination of free and paid "credits" (assumes semi-unlimited compute resources/scale-up, compared with the usually limited experimental resources, not as straightforward to scale-up). EDIT: this is called a "pay-as-you-go" or PAYG consumption model https://www.google.com/search?q=pay-as-you-go+consumption+model. See also "API monetization".
• "usage-based billing" or "metered billing" similar to what you get when you pay for data as you go with a subscription-based phone service. For example, at the end of the billing cycle, if you used 2GB of data then you pay $20 for the data, usually on top of a fixed subscription fee
• (suggestion @maffettone) How does Emerald Cloud Labs do onboarding? Probably worth exploring
• RoboRXN - option to request access I think; past that, not totally sure.
• Competitions like https://real-robot-challenge.com/2020 [paper], which could be hosted via Kaggle (see e.g. NOMAD 2018)

[sgbaird]

@blaiszik @maffettone wondering if you have any comments here?

[maffettone]

I wonder how much Emerald Cloud Labs has released of their approach here.
For a publicly accessible IoT deployment I guess there are 2 things to consider that you've started to hit on above: policy and implementation. Both of which are hard for different reasons, but generally better to understand the policy outcome you're trying for before deciding how to achieve it. That probably also depends on who your stakeholders are...

The contemporary---yet underdocumented at the moment---approach in Bluesky is a mutable priority queue. This works pretty well at the facility scale.
The queue-server manages permissions of who is allowed to run what "plans" (atomized experiments). The data then gets dumped into central storage with layered permissions (getfacl/setfacl). For instance, everyone with a user ID from the Sparks group would be able to access the data; however, you would be able to request complex plans, while Taylor would be limited to simple plans, AI agents would have a different permissions set, and the facility managers could deploy arbitrary plans.
Above permissions, there is authentication. Yes, sgbaird is allowed to run reaction_scan_x, but how can I confirm this is really sgbaird. For that we use http tools.

From a secure data transfer standpoint, @blaiszik and the Globus team will have more expansive ideas.

[sgbaird]

@maffettone great comments, and thanks for the Bluesky perspective. Agreed about delineating policy vs. implementation, and this is helping a lot with getting the right terminology/keywords which is pretty huge. Any idea what the canonical search terms for this would be?
e.g.

• software-as-a-service policy model
• SaaS [subscription OR license] models
• SaaS customer onboarding
• SaaS onboarding

Maybe some terms from https://www.saascommunity.com/operational/saas-terms-and-definitions/ or a similar resource would help.

Related:

• https://www.quora.com/For-SAAS-product-what-is-the-better-open-source-tool-I-can-use-for-onboarding
• maybe the right stackexchange is UX: https://ux.stackexchange.com/questions/tagged/onboarding

[sgbaird]

Struck me that "https://www.google.com/search?q=how+to+set+up+a+saas+business" posts will probably have some right terminology, at least for the paid models.

p.s. Emerald Cloud Lab - very cool.

Emerald Cloud Lab® (ECL®) is the only remotely operated research facility that handles all aspects of daily lab work — method design, materials logistics, sample preparation, instrument operation, data acquisition and analysis, troubleshooting, waste disposal, and everything in between — without the user ever setting foot in the lab.

[sgbaird]

Another cloud lab mentioned in the following article is https://strateos.com/

Peng, X., Wang, X., Brown, K.A. et al. Next-generation intelligent laboratories for materials design and manufacturing. MRS Bulletin (2023). https://doi.org/10.1557/s43577-023-00481-z

As a preliminary stage, some commercial cloud laboratories have been built, such as Strateos (https://strateos.com/), dedicated to drug discovery and synthetic biology, and Emerald Cloud Lab (https://www.emeraldcloudlab.com/), which can perform various in vitro biology or chemistry experiments. Researchers can control multiple devices through a software interface or web browser without purchasing their own instruments. It makes biological and chemical experiments more like computational experiments, with each step of the experimental operation being translated into explicit and detailed code and carried out in an invariable environment, which provides for reproducibility.

[ethanjli]

Agreed about delineating policy vs. implementation, and this is helping a lot with getting the right terminology/keywords which is pretty huge. Any idea what the canonical search terms for this would be?

There's been a lot of CS systems research about designing policies to automatically schedule the use of limited resources - some search terms from that domain include "scheduling" and "scheduling algorithm" (that wikipedia article may be very useful as a review of key concepts and approaches) and "load balancing" (though this term often is also used in a more specific way to refer to load-balancing between network API clients and servers). Tradeoffs in policy design to maximize "quality-of-service" include: "throughput", "latency", and "fairness".

[sgbaird]

• https://github.com/async-labs/saas
  • User authentication with Google OAuth API and Passwordless, cookie, and session.
  • Subscriptions with Stripe
    • subscribe/unsubscribe Team to plan,
    • update card information,
    • verified Stripe webhook for failed payment for subscription.
    • One-time payments for "credits" async-labs/saas#187
• Python (Flask) based https://github.com/saasforge/open-source-saas-boilerpate
  • authentication
  • Stripe integration is a premium feature, ~$250/year
  • Suggestions for incorporating one-time payments and subscriptions? saasforge/open-source-saas-boilerpate#39
• moesif
  • https://www.moesif.com/blog/api-product-management/stripe/Using-Moesif-And-Stripe-For-Pay-As-You-Go-API-Billing/
• WSO2 API Manager [github] [landing page]
  • https://apim.docs.wso2.com/en/latest/get-started/api-manager-quick-start-guide/

Related:

• https://techbeacon.com/app-dev-testing/you-need-api-management-help-11-open-source-tools-consider

[sgbaird]

Another model of interest is a competition format.

• https://real-robot-challenge.com/2020 [paper]