Acceptable use policy (AUP) and terms and conditions are necessary instruments in the regulation of infrastructure access. They bind the user to the ‘purpose’ for which the services and resources they use have been provided. Yet, like with privacy notices, the reader is rather inclined to click through and proceed with the actual task at hand. Thus, to reduce the burden on the user and increase the likelihood that they will read the AUP, the number of times a user is presented with such notices must be kept to a minimum, preferably just a single time. Yet the notice should cover as much of the user’s potential use of the infrastructure as possible: the more services and resources deem an AUP as sufficient for their policy purposes, the better it will be. This will allow users to use resources from multiple service and resource providers without the need to confirm acceptance of additional AUPs.
The aim of the WISE Baseline AUP is to
- provide a common baseline set of criteria for acceptable use and terms and conditions for the professional use of IT infrastructures for research globally – and thereby ease the trust of users across infrastructures: services within an infrastructure have a common framework describing the behaviour of users coming from multiple communities;
- facilitate a presentation format that allows necessary privacy notices (in Europe for GDPR compliance) to be presented at the same time and remain easily available thereafter;
- support services with varying levels of support and quality guarantees;
- provide for augmentation of the baseline AUP with community and infrastructure-specific terms and conditions
- be applicable to both ‘community-first’ and ‘user-first’ AAI membership management services.
In the conventional ‘community-first’ model, the AUP is shown to the user when registering with their research community. The model here referred to as ‘user-first’ presumes that the user first enrols in a generic, potentially multi-tenancy, membership management service (MMS), and within that service petitions membership to one or more of the research communities hosted within the MMS.
Guidance on the intended use of this Acceptable Use Policy and Conditions of Use (AUP) text.
The AUP text referenced above is intended to form part of the information presented to a member of a community (the user) at the time they register to access the services comprising an infrastructure. The AUP provides the user with information about their expected behaviour and restrictions on their use of the infrastructure. This "baseline" text can, optionally, be augmented with additional, community or infrastructure specific, clauses as required, but the numbered clauses should not be changed. The registration point where the user is presented with the AUP may be operated directly by the user's research community or by a third party on the community's behalf.
The motivation to provide this "baseline" text is to facilitate -
rapid community infrastructure ‘bootstrap’ - communities do not have to build their own AUP from scratch
ease the trust of users across an infrastructure - services within an infrastructure have a common framework describing the behaviour of users coming from multiple communities
provide a consistent and more understandable enrolment for users - as users move between communities and projects come and go, users have a common understanding of their responsibiities.
Other information to be presented to a user, as addition to the AUP, to properly define their rights and responsibilities when using the infrastructure and services are -
- Privacy Notice - information about the processing of their personal data together with their rights under law regarding this processing
- Service Level Agreements - information about what the user can expect from the service in terms of quality such as reliability and availability
- (Optional) Terms of Service - additional requirements or information which does not naturally fit within the AUP, PN and SLA policies. (e.g. a requirement to cite a sponsoring body in publications or the assignment of rights.)
Draft of the implementors guide at https://docs.google.com/document/d/1tGghpHCKTu8sTO1wNrJBXXfD0N1XDAmFTn9b8t6wzPE (since published as AARC-I044)