Documents archive 2015-2017

This page lists all the deliverables and milestones prepared during the first AARC project, which ran from 2015-2017 and was funded by the European Union’s Horizon 2020 research and innovation programme under Grant Agreement 653965.

Deliverable NameProjectIn a nutshell
DNA1.1 Annual ReportAARC2AARC2 Year1 Report
This document reports on the progress of the AARC2 project during its first year (2017-2018)
DNA1.3 Summary of AARC2 Main Achievements and Sustainability and Exploitation Plans AARC2Exploitation and Dissemination Report
The document describes the AARC2 project overall dissemination and exploitation strategy and for each key exploitable project result lists the actions that are being proposed to ensure adoption of AARC2 results beyond the project lifetime.
DNA2.2 First Advanced Training Material Content AARC2OIDC Training Material to build an OIDC Relaying Party
(Github repository)
DNA2.3 Summary Report on Training, Communication and Outreach Activities AARC2Training and Dissemination Report
This document reports on the training, outreach and promotional activities carried out in the AARC2 project, with a particular emphasis on the work done in the second year of the project.
DNA3.1/D3.4 Report on the coordination of accounting data sharing among InfrastructuresAARC2Guidance to research and e-Infrastructures concerning Data Protection Impact Assessment (DPIA) in the FIM context.
This report presents the results of the study on the evaluation of risks related to (personal) data (based on the European General Data Protection Regulation, GDPR) in the context of research and e-Infrastructures and their service providers that leverage federated identity management (FIM). Specifically, it considers personal data collected as a result of using an infrastructure (not any risks relating to the research data itself, which is a community responsibility) and provides guidance to the Infrastructures concerning Data Protection Impact Assessment (DPIA) in the FIM context. The authors present recommendations to Research Communities for determining the necessity of formal DPIA and guidelines for its execution.
DNA3.3/D3.2 Accounting and Traceability in Multi-Domain Service Provider EnvironmentsAARC2Report on how research communities can apply SCI Framework for traceability
This report details the service-centric policies that apply to the Blueprint Architecture (BPA) model proposed by AARC, how communities and generic e-Infrastructures can apply the SCI policy framework to their collective service operations, and how this supports the exchange of accounting and traceability information.The report is complemented by the AARC policy guidelines and informational documents, specificallyG042, G040, G021, the WISE SCI framework, and the AARC Policy Development Kit.
DNA3.2/D3.1 Report on Security Incident Response and Cybersecurity in Federated Authentication Scenarios AARC2Report on simulations of incident security incidents
This report provides an overview of the current state of security incident response and cybersecurity in Federated Authentication Scenarios, focusing particularly on efforts that have taken place in the past two years related to input from the AARC2 project.
DNA3.4/D3.3 Recommendations for e-Researcher-Centric Policies and AssuranceAARC2Report on Assurance and AUP relevant to research and e-infrastructures
These Recommendations provide a set of frameworks and guidelines that support, involve, and affect researchers and research communities in order to more effectively use federated identity for accessing services in a blueprint-based proxy architecture.
DJRA1.4 Evolution of the Blueprint ArchitectureAARC2Latest update of the AARC-BPA: the Community first approach
This document describes the evolution of the AARC Blueprint Architecture, starting with a summary of the changes since AARC-BPA-2017. It also describes the community-first approach which enables researchers to use their community identity for accessing services offered by different infrastructures.
DJRA1.1 Use-Cases for Interoperable Cross-Infrastructure AAI AARC2Research communities use-cases to inform the evolution of the BPA
This document analyses research community use cases that require access to services and resources across infrastructures. The research community specific use cases have been mapped to a set of generic use cases of cross-infrastructure AAI flows. These flows will serve as input for further refining and complementing where needed the AAI interoperability aspects of the AARC Blueprint Architecture.
DJRA1.2 Authorisation Models for Service ProvidersAARC2Report on the authorisation models that can be employed by Service Providers
This document describes common authorisation models that can be employed by Service Providers (SPs)in order to control access to resources in such an environment. These common models are based on a thorough analysis of use cases collected from the research communities participating in the pilot activities of AARC. The analysis includes describing the different authorisation functions, including management, evaluation and enforcement of policies and their mapping to elements of the AARC Blueprint Architecture. The types of attributes that are commonly used for evaluating authorisation policies are also elaborated on.
DJRA1.3 VO Platforms for Research Collaboration AARC2Report on the use of VO and platforms to manage them
In order to scale the users’ use of research infrastructures, cyber-and e-infrastructures, it makes sense to introduce a “virtual organisation” (VO) that can unify users with a shared purpose or research activity. This document investigates this use of the VO and makes recommendations for the platform which maintains this VO information, both for the VO’s own use but particularly for the VO’s members’ use of the infrastructure.
DSA1.1 Results of Pilots with New Communities Part 1AARC2Overview of the pilots in AARC2
This document provides a general overview of the goals and approach of the Pilots Service Activity1 in AARC2.A detailed description including an outline of the use case and the results achieved to date is given for each of the nine Research Community pilots undertaken by SA1 Task 1 in year 1 of the project. The document concludes with some lessons learned so far.
DSA1.5 How-to to Deploy Pilot ResultsAARC2 Summary of all AARC2 pilots
This document provides an overview about the use-cases for each pilot and what was done.
DSA1.4 Final Results of Pilots for Advanced Use-Cases and New Technologies AARC2
DNA1.2 Annual ReportAARC1 Summary of AARC achievements.
A document to report on AARC results after two year project.
DNA1.3 Summary of main dissemination activities, main achievements of AARC for and Exploitation ReportAARC1 Summary of AARC dissemination, outreach and exploitation work.
A document to report on the results of AARC communication, dissemination and exploitation activities, their impact and how they mapped the AARC strategy.
DNA2.1 Report on the identified target groups for training and their requirementsAARC1This document reports on the work done by NA2 Task 1“Learning Needs Analysis”in liaising with user groups and communities including libraries with the objective of understanding their identity management requirements and needs.
DNA2.2 Training material on main technical and policy concepts of federated access
AARC1Federations 101 (Training materials)
DNA2.3 Training material targeted to Resource and Service Providers

AARC1Introduction to federated management (training course)
DNA2.4 Training material targeted at identity providersAARC1Training material targeted at identity providers
DNA3.1 Differentiated LoA recommendations for policy and practices of identity and attribute providers

AARC1Level of Assurance (LoA) recommendations and framework
LoA expresses confidence in the binding between a user and the identity information connected to it and is usually done by the identity provider. The actual implementation of this process is rather difficult, however (e.g. there needs to be a balance between the requirements of services and the technical feasibility and effort necessary for the identity provider). This document identifies these requirements and focuses on the REFEDS Assurance Framework to express the LoA information. The framework also includes a baseline assurance profile.
DNA3.2 Generic security incident response procedure for federations

AARC1Framework for a coordinated response to security incidents
Different research services are connected through federations where a single compromised account poses a risk to all services. Currently there is no standardized process to handle such incidents. This document provides an analysis of this problem and gives recommendations on how to build a framework to handle such incidents. These recommendations are based on the Security Incident Response Trust Framework for Federated Identity (Sirtfi).
DNA3.3 Recommendation for service operational models for enabling cross-domain sustainable services
AARC1 Recommendations to build sustainable services
Often software and services are created and operated in the context of project funding. When these projects end, it becomes difficult to ensure support to run services. This deliverable provides a template to assess the sustainability of services and gives recommendations to service providers and federations operators to standardize policies.
DNA3.4 Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

AARC1Recommendations to implement a scalable and cost-effective policy framework
Creating the common federation ‘ecosystem’ for research collaboration requires that everyone is effectively connected to it, including not only those organisations whose primary purpose is collaborative research, but also institutions (both identity providers and those providing services). This document starts with a study of entity categories and the status of take-up by the eduGAIN. The document presents “Snctfi”, the new policy and trust framework that has been developed for applying policies and best practices to an e-Infrastructure or research Infrastructure using IdPs in the R&E federations via an SP-IdP proxy.
DNA3.5 Recommendations and template policies for the processing of personal data by participants in the pan-European AAI AARC1 Policies for personal data
Research- and e-infrastructures involve different organisations and are often transnational in character. When sharing personal data, different national and EU regulations might apply. This documents gives recommendations and provides template policies for sharing and processing personal data within infrastructures. The recommendations focus on two frameworks: standard data protection clauses (model contracts) and binding corporate rules.
DJRA1.1 Analysis of user- community requirements

AARC1 Analysis of user-community requirements
To improve the AAI landscape it is important to understand the requirements of user communities and service providers. This document provides an analysis of these requirements in three steps. First, the requirements gathered in previous activities are used to formulate an initial set. During the second step, the list is improved with the results of a survey. The third step then produces a final set of requirements and structures them in form of a table.
DJRA1.2 Blueprint architectures

AARC1AARC Blueprint Architectures
This document provides a set of building blocks for software architects and technical decision makers, who are designing and implementing access management solutions for international research collaborations.
DSA1.1 Pilots to support guest users solutionsAARC1AARC Pilots
Pilots in this task deal with enabling guest users to access federated services, especially within the library community. This mainly applies to so called walk-in users, that do not have a federated identity and should still be able to use services offered by a library. This deliverable gives an overview on three pilots in this area.
DSA1.3 Pilot to improve access to R&E relevant resources

AARC1AARC Pilots
This document provides an overview of the pilots realised within the Pilots service activity in particular concerning ways to improve access to
R&E relevant resources and (commercial) service. A total of fourteen proof of concepts were carried out to test AAI mechanisms to access non-web resources, bridging e-infrastructures and access to (commercial) cloud services.