This work package will investigate operational and security aspects as well as policies to complement the technical research work carried out in the architecture work package.
This work package will deliver a set of recommendations and best practices to implement a scalable and cost-effective policy and operational framework for the integrated AAI.
Specific topics for this activity include:
• Delivery of an assurance baseline and differentiated assurance framework;
• Identify a minimal set of policies to enable attribute aggregation;
• Enable consistent handling of security incidents when federated access is enabled;
• Explore policy and security aspects to enable the integration of attribute providers and of credential translation services;
• Develop support models for (inter)federated access to commercial services;
• Develop guidelines to enable exchange of accounting and usage data.
No policy nor any best practice in itself will achieve results: it is only through their adoption by the community at large that they gain value, and ensuring this level of acceptance needs engagement throughout the policy development process. For this reason the policy harmonisation activity works closely through existing federated community structures to encourage wide adoption of the developing frameworks. Ongoing activities are described in more detail on the AARC Wiki pages.
The work package is led by Nikhef (David Groep).