Page History

...

• AARC-I082 - Trust framework for proxies and Snctfi research services
• EU Identity Wallets (VCs) and assurance step-up

Recently completed documents and guidelines

...

Under review

• AARC-G084 - Security Operational Baseline (public page: https://aarc-community.org/guidelines/aarc-g084/)

Recently completed documents and guidelines

• AARC-G083 - Guidance for Notice Management by Proxies

Policy activities are continuously evolving

• Security Incident Response in federated environments
  • including guidelines on how to property protect your community attribute system
  • and how to prepare and what to do in case of incidents
  • traceability of events through a (network of) AARC BPA Proxies
• Service- and Infrastructure-centric policy support, including
  
  • Protection of (mainly personal) data that is generated as a result of infrastructure use (e.g. in accounting) and the impact of GDPR 
  • Attribute release from the proxy
  • Security For Collaboration among Infrastructures assessment (AAOPS-G071 Review)
• e-Researcher centric policies,
  
  • simplified policy development kit also for smaller and mid-sized communities
  • alignment of Acceptable Use Policies
  • Assurance Level baseline and differentiated assurance profiles (alongside a self-assessment tool) including the use of government e-ID for step-up of assurance
  • untangling identity assurance framework complexity
  • novel federation models and trust paths (e.g. in OpenID Connect Federation)
• Engagement and coordination with FIM4R and the global community
• Support for Infrastructures and Communities with the Policy Development Kit (PDK)

Lastly, it is imperative that any policies are agreed to in a scalable way: bi-lateral agreements do not work in a multi-stakeholder environment. The work on scalable policy negotiation addresses this issue by exploring ways of expressing and agreeing policy in a federated world: Snctfi.

...