...
- Define a unique name for your collaboration (a DNS-based name is recommended)
- Identify a governance body to make policy decisions
- We strongly suggest (although this is out of scope here):
  - Identifying your primary assets
  - Completing a risk assessment
  - Defining your rules of participation and the escalation procedure in case of non-compliance
  - Any additional legal and regulatory compliance necessary
- Define the purpose of your collaboration → this will be used for your AUP
- Review the AEGIS-endorsed policy guidelines required for AARC compliance
- Identify your assurance requirements
  - following https://aarc-community.org/guidelines/aarc-g031/ and ensure its technical implementation
- Token lifetimes
- Define, or agree to adopt as is, the following 6 policies and seek endorsement from the governance body
- Ensure that the policies are presented to and accepted by the relevant audiences
- Publish your policies at a suitable location
...
| Document | AARC Template | Examples |
|---|---|---|
| Membership management | Membership Management | |
| AUP | WISE AUP | |
| Privacy Policy | REFEDS privacy notice | |
| AAOPS | Attribute Authority Operational Security | |
| Security Operational Baseline | Security Operational Baseline | |
| Incident response procedure | | EOSC, UK-IRIS |
...