In this activity we develop the policy models that help research collaborations progress: how can generic e-Infrastructures and domain-specific Infrastructures benefit from coherency in policy and sharing common security practices? How do policies complement the technical research work carried out in the architecture work package?
The set of recommendations and best practices to implement a scalable and cost-effective policy and operational framework for the integrated AAI is growing, and you can leverage results right away!
Present yourself as a trusted identity partner of your federation and support your own researcher community by:
- meeting the assurance baseline and leveraging differentiated assurance profiles as your users access ever more valuable and sensitive resources;
- collaborating in incident response, and saying so by joining the Sirtfi programme, a self-assertion based scheme following best operational security practices for global collaboration;
- releasing attributes to your collaborators and peer research organisations with the Research and Scholarship release policy and federation mark.
As an Infrastructure, leverage a policy framework that ensures coherency and helps you get the necessary information about your federated users:
- Use the Snctfi framework to assess your policy maturity, and use it to present a single common voice to the global federation community through well-recognised entity categories like R&S, the Data Protection CoCo, and Sirtfi.
- Review scalable policy models, leveraging the IdP-SP Proxy model from our Blueprint Architecture
- Look at how to share accounting data with your peer Infrastructures in the most pragmatic way, and how you can mitigate data protection risks
And once you conceive new services, make sure they are sustainable and will outlive any particular project: research and collaboration benefit from long-term services that continue to flourish year after year. From ‘guest identity providers’ to credential management services, great operational models in federation land have been collected by AARC for your re-use.
No policy or best practice will achieve results in itself: it is only through adoption by the community at large that they gain value, and ensuring this level of acceptance needs engagement throughout the policy development process. For this reason the policy harmonisation activity works closely through existing federated community structures to encourage wide adoption of the developing frameworks. Please engage through AARC Engagement, or join our collaborating groups: REFEDS, IGTF, FIM4R, and WISE.
Deliverables and milestones
- Level of Assurance (LoA) recommendations and framework (DNA3.1)
- Framework for a coordinated response to security incidents (DNA3.2)
- Recommendations to build sustainable services (DNA3.3)
- Recommendations to implement a scalable and cost-effective policy framework (DNA3.4)
- Policies for personal data in accounting data sharing (DNA3.5)
- Recommendations on minimal assurance level relevant for low-risk research use cases (MNA3.1)
- Community requirements on accounting data (MNA3.2)