The second AARC project (AARC2) has been running for one year and has produced many outputs in line with its agreed strategy. AARC has established a de facto authentication and authorisation infrastructure (AAI) standard for research and education. By following the AARC Blueprint Architecture and policy models, R&E communities can now deploy AAIs that will inter-operate, allowing them to provide their users with federated access to resources that are provided by multiple research- and e-infrastructures. And the project team offers consultancy and support for R&E communities to guide them during the implementation phase.
With just one more AARC year to come, it is time to assess what has been accomplished and what should happen in the final year of the project.
The key mid-term AARC2 achievements are summarised in a new leaflet:
- 9 pilots to help research and education communities deploy an AARC-compliant AAI that meets their needs
- 6 sets of guidelines to help research infrastructures deploy AARC-compliant authentication and authorisation infrastructures (AAI) and policy best practices
- 4 training events for research and education communities and service providers, with tools, materials.
- engagement opportunities for research communities and for infrastructures
- a new blueprint architecture (imminent).
The EC project review on 26-27 June will review all achievements in more details and provide inputs for the final year of AARC activities.
Achievements in more detail
Several pilots with research communites
The current AARC project focuses much more (than AARC1) on supporting research communities to deploy an authentication and authorisation infrastructure to manage their internal resources in a way that follows the AARC blueprint architecture (BPA).
The AARC BPA defines a reference architecture for authentication and authorisation infrastructures (AAI) that best fits the needs of international research collaborations.
AARC works directly with research collaborations and guides them during the AAI design and implementation phases. There are 8 ongoing pilots in AARC in different phases. Find out more about the pilots, in the AARC Pilot Report.
New BPA to be released
While the current version of the BPA provides a blueprint for implementing an AAI, the next version of the AARC blueprint architecture focuses on cross-AAI interoperability aspects. It addresses an increasing number of use cases from research communities requiring access to federated resources that are offered by different infrastructure providers. Work has been undertaken to elaborate more assurance and authorisation aspects. With the aim to facilitate the deployment of the BPA, AARC produced 6 guidelines that cover both policy and technical aspects. Two of these have been endorsed by AEGIS (AARC Engagement Group for Infrastructures). The guidelines are a key instrument in AARC that address AAI implementers and operators. The AARC guidelines are published on Zenodo with unique codes for future reference.
Policies made easier
Although everybody would agree that policy aspects are very important, in practice policy is often the last item on the list. AARC is providing guidelines and frameworks that can be of immediate use for the research collaborations. The first version of a Policy Development Kit (PDK) was presented in April 2018. The PDK supports the smooth adoption of Snctfi – the ‘Scalable Negotiator for a Community Trust Framework in Federated Infrastructures’. The team also:
- produced a report on high-assurance requirements (MNA3.5);
- tested the incident response model defined in AARC1 (MNA3,3);
- reported on an assessment of privacy regulations on [accounting] data needed by service operators and e- and research-infrastructures (DNA3.1);
- studied the different Acceptable User Policies used to date by research- and e-infrastructures with the aim to define a general template.
Collaboration with other groups, outreach and training
AARC works with the GN4-3 project on OIDC complementary aspects. AARC also sponsors relevant work undertaken in FIM4R and REFEDS. In REFEDS, AARC contributed effort to the Assurance and Sirtfi working groups. AARC’s support enabled some research communities to engage in FIM4R and contribute to revision of the FIM4R white paper, which was originally published in 2012. The new version, which is about to be published, reviews the initial set of requirements from the FIM4R community and how they have been met by identity federations and eduGAIN. The new requirements will be taken as input to refine AARC plans for its final year.
The training team has been busy; they provided four training events during year one of AARC2: two on OIDC, one for the life science community and one for the EPOS earth science community. The training team welcomes any enquiries about potential training opportunities.