What level of protection is required on a set of pre-signed URLs

[andrewpatto]

If researchers (or PIs only?) are allowed to download a CSV (or zip with CSV) containing pre-signed URLs for data objects - then that file itself becomes 'the genomic data' as there are no restrictions on the dissemination of that file - and there are no firewalls or anything requiring the data is downloaded from a known spot.

On the other hand - the links within the file are only valid for up to 7 days - and if they have the ability to regenerate links - possibly that can be reduced to a shorter period of time.

So the question is - does the file or zip need to be encrypted/controlled in any way other than controlling the link validity?

[sarahcasauria]

do the presigned URLs have an audit trail of how many times they have been used? if so, could that be a valid way to track who has used the links to download the data? It would be helpful to have some sort of layer of security or reassurance that we can identify any unauthorised downloads of these files if they occur.