Despite all potential differences between user communities, research infrastructures, federations, identity providers, and e-Infrastructures, they all work towards a common goal. And they are sufficiently alike that they might share some common policy frameworks. While it is always tempting to make ad-hoc policies, an open research commons benefits hugely from mutual understanding based on set of a harmonized policy frameworks and ways to compare the various best practice aspects.
The Policy and Best Practice Harmonisation activity works on operational and security aspects and policies to complement the technical research work carried out in the architecture and pilot work packages, and delivers a set of recommendations and best practices to implement a scalable and cost-effective policy and operational framework for the integrated AAI.
In AARC, we put primary focus on a selected set of elements:
- Assurance Level baseline and differentiated assurance profiles (alongside a self-assessment tool)
- Security Incident Response in federated environments
- Recommendations for Research and e-Infrastructures to Build Sustainable Services
- Scaleable policy negotiation: adoption of 'entity categories' and the development of a policy framework for IdP-SP-proxies
- Protection of (mainly personal) data that is generated as a result of infrastructure use (e.g. in accounting)
Lastly, it is imperative that any policies are agreed to in a scalable way: bi-lateral agreements do not work in a multi-stakeholder environment. A specific task on scalable policy negotiation aims to address this issue by exploring ways of expressing and agreeing policy in a federated world.