UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
In this informational guideline, we identify the smallest set of distinct guidelines (policies, good practices, procedures) necessary to cover trust, security, and operational interaction of proxies in composite-proxy scenarios beyond the community-and-infrastructure proxy doublet of AARC-G045. Some elements may already be in place, such as the attribute authority operations security guidance AARC-G071, others have only been identified as needed but have not yet been described in sufficient detail to formulate policy of good practice. The aim of this paper is to identify the smallest set of distinct guidelines, practices, and procedures needed.
AARC Informational Guideline
This document is available from the AARC Community web at https://aarc-community.org/guidelines/aarc-i082/
AARC TREE project
This document also fulfils Deliverable D2.1 of the AARC TREE project
The Trust framework for distributed proxies follows the hierarchy of the AARC BPA 2025, and defines the structure for the Policy Development Kit (PDK) version 2. However, based on the experience of the first version of the Kit, we need to clearly disambiguate between policies (that are more akin to functional requirements without specifying a particular implementation) and the processes and procedures that implement such policies. The policies in the PDK are those where explicit approval by management (at the appropriate level) is advisable. Policies should therefore be both unambiguous and clear, as well as be temporally stable. The processes and procedures implementing the policies can be more agile, adapting to changing conditions (like new adversaries in threat scenarios).
The new Policy Development Kit (version 2) will be based on this trust framework and consist of the guidelines and procedural templates than enable collaborations and infrastructures to implement the framework.
Snctfi will be the set of guidelines that define the trust in the proxy itself, that a proxy operator can control and assert. This means: Sirtfi, Security Operational Baseline, GEANT DPCoCov2, AAOPS, and the Notice Management guidelines. This makes Sntfi into a ‘verifiable’ set that can be ‘checked’ when a (community) looks for a provider of proxy/aai services. Most communities will not be running their own.
- AARC-I082 document (also available with reduced formatting in OfficeXML (docx), Open Document Format (odt), and markdown formats)
- Draft versions of the document (gdoc)
- Document area and images (google drive)
There are weekly calls to monitor progress until the end of May 2025:
- https://nikhef-nl.zoom.us/j/85962833769 (usual policy PIN code)