...

In this informational guideline, we identify the smallest set of distinct guidelines (policies, good practices, procedures) necessary to cover trust, security, and operational interaction of proxies in composite-proxy scenarios beyond the community-and-infrastructure proxy doublet of AARC-G045. Some elements may already be in place, such as the attribute authority operations security guidance AARC-G071; others have only been identified as needed but have not yet been described in sufficient detail to formulate policy or good practice. The aim of this paper is to identify the smallest set of distinct guidelines, practices, and procedures needed.


AARC Informational Guideline

This document is available from the AARC Community web at https://aarc-community.org/guidelines/aarc-i082/

AARC TREE project

This document also fulfils Deliverable D2.1 of the AARC TREE project.

The Trust framework for distributed proxies follows the hierarchy of the AARC BPA 2025, and defines the structure for the Policy Development Kit (PDK) version 2. However, based on the experience of the first version of the Kit, we need to clearly disambiguate between policies (which are more akin to functional requirements that do not specify a particular implementation) and the processes and procedures that implement such policies. The policies in the PDK are those where explicit approval by management (at the appropriate level) is advisable. Policies should therefore be unambiguous, clear, and temporally stable. The processes and procedures implementing the policies can be more agile, adapting to changing conditions (like new adversaries in threat scenarios).

...

Snctfi will be the set of guidelines that define the trust in the proxy itself, which a proxy operator can control and assert. This means: Sirtfi, Security Operational Baseline, GEANT DPCoCov2, AAOPS, and the Notice Management guidelines. This makes Snctfi into a ‘verifiable’ set that can be ‘checked’ when a community looks for a provider of proxy/AAI services. Most communities will not be running their own.

...