AARC Blueprint Architecture
The purpose of the AARC Blueprint Architecture (BPA) is to provide set of interoperable architectural building blocks for software architects and technical decision makers, who are designing and implementing access management solutions for international research collaborations.
This version of the AARC Blueprint Architecture (AARC-BPA-2017) builds upon the previous one and provides a more detailed layered architecture, while retaining full backwards compatibility. AARC-BPA-2017 retains the same four layers, each of which includes one or more functional components, grouped by their complementary functional roles. The User Identities layer and the End Services layer are still there, while the Attribute Enrichment layer has been renamed to User Attributes layer and the Translation layer has been renamed to Identity Access Management (IAM) layer and has a prominent role in the architecture. In AARC-BPA-2017, we introduce a new layer for the centralised Authorisation.
AARC-BPA-2017 support documents
The documents below are now open for feedback; please provide your inputs via firstname.lastname@example.org (anybody can post).
- [AARC-JRA1.4A] Guidelines on expressing group membership and role information [This version supersides version 1.0, which was released on 13-06-2017]
- [AARC-JRA1.4B] Guidelines on attribute aggregation
- [AARC-JRA1.4C] Guidelines on token translation services
- [AARC-JRA1.4D] Guidelines on credential delegation
- [AARC-JRA1.4E] Best practices for managing authorisation
- [AARC-JRA1.4F] Guidelines on non-browser access
- [AARC-JRA1.4G] Guidelines for implementing SAML authentication proxies for social media identity providers
- [AARC-JRA1.4H] Account linking and LoA elevation use cases and common practices for international research collaboration
- [AARC-JRA1.4I] Best practices and recommendations for attribute translation from federated authentication to X.509 credentials