Information about the groups a user is a member of is commonly used by relying parties in order to authorise user access to protected resources. This document provides guidelines for expressing group membership and role information across AARC BPA-compliant AAI services. Specifically, it defines a URN namespace for expressing this information using common identity federation protocols, namely SAML and OpenID Connect/OAuth2.
Document URL: https://zenodo.org/record/6533400/files/AARC-G069%20Guidelines%20for%20expressing%20group%20membership%20and%20role%20information.pdf
Development information: N/A
Status: Final (11 Apr 2022)