A new blueprint architecture, policy toolkit and other developments for the final year of AARC

Nicolas Liampotis of GRNET leading discussion about the AARC blueprint architecture at the ‘all hands’ project meeting, day 3.

An updated version of the AARC blueprint architecture, a policy toolkit and a security incident simulation are key agreements arising from the AARC (Authentication and Authorisation for Research and Collaboration) project spring ‘all hands’ meeting, held in Athens on 10-13 April.

The new blueprint architecture will be released by the end of June. It will enhance aspects related to the authorisation part of AAI (authentication and authorisation infrastructure) and will provide a simplified view of the functional elements. It will also be possible to overlay additional views that highlight different aspects on top of the basic view. AARC research collaborations and e-infrastructures are invited to submit their requirements for interoperable cross-infrastructure AAI (Deliverable DJRA1.1) by the end of the day on 20 April 2018.

The AARC policy team decided that the AARC policy starter toolkit, which was intended to be delivered as a workshop, will be re-purposed as a webinar, with Q&A sessions to clarify the what, why and how of the toolkit. Dates will be agreed and circulated. The team also agreed to organise a simulation of a security incident to test Sirtfi (Security Incident Response Trust Framework for Federated Identity), following an initial test exercise in February. The new simulation will take place by the end of this year.

The AARC training team is looking forward to receiving requests for training events for the second half of the year; please contact aarc-contacts@lists.geant.org.

Broad participation

AARC ‘all hands’ meeting participants, Athens, April 2018.

Hosted in Athens by project partner GRNET, the Greek national research and education network organisation, the AARC meeting saw an exchange of updates, ideas and discussions between 45 participants from its 25 partner organisations and other interested parties.

The Athens meeting featured several updates by representatives of research collaborations and e-infrastructures about technical pilots that address their specific AAI needs. A side workshop was included to kick-start a pilot for the LifeWatch collaboration.

Review and planning

The ‘all hands’ meeting included a comprehensive review of progress across all work areas and forward planning for the coming final year of the project.

Architecture team

The AARC blueprint architecture has already proved its value to a number of research collaborations and e-infrastructures; it is currently in use or being deployed by:

  • CTA (in deployment in collaboration with AARC)
  • DARIAH-AAI (in deployment in collaboration with AARC)
  • EGI Check (deployed)
  • EISCAT (in deployment in collaboration with AARC)
  • Elixir AAI (deployed)
  • EPOS (in deployment in collaboration with AARC)
  • EUDAT B2ACCESS (deployed)
  • GÉANT eduTEAMS (deployed)
  • Lifescience AAI (in deployment in collaboration with AARC)
  • LIGO (in deployment in collaboration with AARC)
  • XSEDE (deployed)

The expansion of authorisation and assurance aspects in the new version of the architecture is the next and final step in the plan towards completion of this work area.

The team also reported on progress in other areas:

  • Guidelines on step-up authentication will be available very soon and will be submitted to AEGIS (AARC Engagement Group for Infrastructures) for discussion and endorsement.
  • Guidelines for evaluating the combined assurance of linked identities are now available for last comments.
  • Work on the REFEDS Assurance Framework and the newer version of the REFEDS Single Factor Authentication profile is progressing, but both are still in draft. These documents are relevant for the work done in AARC.

Policy team

The policy team presented:

  • A template Acceptable User Policy, which is based on existing AUP documents. Everybody is invited to look at the proposed template and to provide feedback.
  • The deliverable on accounting data sharing across infrastructures – inputs were gathered to finalise it by the end of April 2018.
  • A report about progress on a FIM4R paper to update research collaboration requirements and relevant recommendations.
  • The AARC policy toolkit – this contains the relevant policies and guidelines to deploy the AARC blueprint in a secure and privacy-protecting way.
  • A report on the February incident response simulation test (see also the report).

Pilots team

The pilots team reported on the following pilots:

  • EPOS
  • CTA
  • LIGO
  • EISCAT 3D
  • DARIAH and DARIAH-EGI interoperability pilots
  • WLCG
  • EUDAT-PRACE
  • EGI-EUDAT
  • EUDAT-eduTEAMS
  • Life science AAI – reviewed progress for the current phase (ending in May) and started to plan for phase 3 (June-Dec). This is a very important pilot for two main reasons:
    • It demonstrates that the AARC blueprint architecture can be implemented in a multi-operator scenario – in this case EUDAT, EGI and GÉANT working together to deploy the architecture for the life science community;
    • It validates the possibility for research communities to rely on e-infrastructures to deploy an AAI for them (in fact offering AAI as a service).

Training and outreach team

This team reported on:

  • EPOS training that took place in March (see blog post and slides);
  • Upcoming training on the new life science AAI and how life science service providers can connect to it;
  • Online promotion and website restructuring and content improvements to include case studies and other relevant information;
  • A planned newsletter – to more widely circulate information about AARC outputs and possibly AAI-related activities in other associated communities during the final year of the project. A subscription link will soon be made available online for anyone outside the AARC project to sign up.

Further information

The meeting agenda and slides are online.

Detailed information about ongoing AARC work is on the project wiki.

The next AARC ‘all hands’ meeting will be in November, with dates and location to be confirmed. Any interested parties are welcome to attend.