Versions Compared

Old Version 60

changes.mady.by.user David Groep

Saved on

compared with

New Version 61

changes.mady.by.user David Groep

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Define a unique name for your collaboration (recommend DNS) 
  2. Identify a governance body to make policy decisions
  3. Define the purpose of your collaboration (this will be used for your AUP) 
  4. We strongly suggest (although this is out of scope here) 
    1. Identifying your primary assets
    2. Completing a risk assessment
    3. Defining your rules of participation and the escalation procedure in case of non-compliance
    4. Any additional legal and regulatory compliance necessary
  5. Define, or agree to adopt as is, the following 6 documents and seek endorsement from the governance body
  6. Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
    1. Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/ 
    2. Identify suitable token lifetimes
  7. Ensure that the policies are presented to and accepted by the relevant audiences
  8. Publish your documents and responsible parties at a suitable location 

...

Your entry point into collaboration policy and good practice

The Policy Development Kit (PDK) version 2 identifies five main target audiences, functionally following the AARC BPA 2025 hierarchy and identifying (1) ‘Research governance’ as a foundational area. (2) ‘Users’ are (human) end-users who participate in a collaboration, are identified via (3) ‘identity’, i.e. external identity providers and the identity layer of the BPA, to be granted access by (4) ‘collaboration management’, to (5) ‘infrastructure integration and service providers’; in the BPA the infrastructure integration components, site-local integration components, and the actual service providers.

Policies in PDK version 2 are standards to which adherence can be asserted and that can be assessed and validated – for example as trust marks – and that are endorsed by AEGIS and considered ‘standards track’. Policies also are endorsed by the organisation at the appropriate level of management, and express a commitment of adherence by the organisation’s management. These are indicated in a roman font in the graphic below. The processes and procedures, being templates, are reference implementations where we assume these to be specialised for specific deployments. In the diagram these are indicated in italics.

-------

Full Trust Framework links

Scroll ImageMap
viewSize800.0
makeResponsivetrue
imgWidth1410.0
imgFilenameP3DK-arrowed-authNSources.drawio.png
areasData{"areas":[{"shapeType":"rect","coords":"713,198,130,60","title":"WISE Baseline AUP guidance","pageRefIndex":0,"linkTarget":"_blank"},{"shapeType":"rect","coords":"1075,200,132,62","title":"WISE Baseline AUP guidancwe","pageRefIndex":0,"linkTarget":"_blank"},{"shapeType":"rect","coords":"711,285,133,66","title":"Attribute authorities and membership services guidance","pageRefIndex":1,"linkTarget":"_blank"},{"shapeType":"rect","coords":"711,119,130,66","title":"Manage your community members","pageRefIndex":2,"linkTarget":"_blank"},{"shapeType":"rect","coords":"711,370,135,66","title":"Operational Security for your services","pageRefIndex":3,"linkTarget":"_blank"},{"shapeType":"rect","coords":"1072,368,130,71","title":"Security for your services","pageRefIndex":3,"linkTarget":"_blank"},{"shapeType":"rect","coords":"1253,370,130,60","title":"Incident Response collaboration","pageRefIndex":4,"linkTarget":"_blank"},{"shapeType":"rect","coords":"1226.73,113.52,164.15,75.47","title":"Service Levels and data classification","pageRefIndex":5,"linkTarget":"_blank"}]}
pageReferencesWISE AUP-!!!!!-Attribute Authority Operational Security-!!!!!-Membership Management-!!!!!-Security Operational Baseline-!!!!!-SIRTFI-!!!!!-Service Levels and Data Classification (the "IAC" or "CIA" triad)
imgHeight750.0
imgContainerPagePolicy Development Kit version 2
alwaysHighlightfalse
dataModelVersion3

All templates and guidelines

The AARC PDK consists of templates - documents where the core content is either highly determined or should be treated as 'immutable' for better interoperability - and guidelines - helping research collaboration, infrastructures, and service providers with their own procedures and practices, where adopting good practices rather than the exact wording of a policy or procedure is the key value for interoperability. A quick overview of all templates and guidance documents is given here below.

DocumentAARC template for interoperabilityExamples where no template is recommended for interoperability purposes
Membership managementMembership Management
AUPWISE AUP
Privacy Policy
REFEDS privacy notice
AAOPSAttribute Authority Operational Security
Security Operational BaselineSecurity Operational Baseline
Incident response procedure EOSC, UK-IRIS, AARC federated incident response procedure


Snctfi, operational policies, and AAI service providers

...