Identify a governance body to make policy decisions

Why? While managing the user directory, or responding to compromised credentials and questions from your service providers, may appear to be technical tasks, they often involve decisions that deal with your 'primary assets': the research data you work with, and the processes that keep your community together and wholesome. A handful of people working together can solve issues that arise in an ad-hoc fashion, but as soon as you grow a bit further, structured communication becomes essential. "Why was I suspended?" "Why can't I join your group ... you have a service I need (and by the way, I just want to use it, not contribute)?" You need a body to take up that authority. Unfortunately, the AAI is often the first time you hit these hard questions!

Recommendation: A principal investigator, research group chair, or faculty dean makes a good starting point for a local governance body. If your community becomes larger, write down rules of participation, draft a memorandum of understanding, or have a written collaboration agreement in place. Often there is already something in place: many public research projects require having a collaboration or grant agreement in place. There is usually a governance structure in there, which can be re-used here. No need to re-invent the wheel within your community.

Applicable guidance: governance as such is out of scope of the PDK, but look at your project agreements, department model, or grant office to find a suitable and effective solution.

Define the purpose of your collaboration - this will be used for your AUP

Why? As you connect services and infrastructures to your collaboration via the AAI, these will have their 'acceptable' (and unacceptable) use defined. They provide services based on what you, as a collaboration, are planning to do, pay for, or because of shared goals and ambitions. Your users should be acting as part of your community, so they also need clarity as to what the collaboration is for. To prevent each and every infrastructure and service provider asking the users to comply with their acceptable use - and having to remember on your behalf what the collaboration's goal in life is - the common WISE Baseline AUP can do that in one go. But for that the purpose of use needs to be clear. Only you (as in: the collaboration) can provide that clarity.

Recommendation: be clear and concise in how you word your purpose. A one-line sentence is needed, to be inserted verbatim into the WISE Baseline AUP that you should show to users enrolling in your collaboration (or that your AAI service provider will show on your behalf when new users join). This is not the place to write a grant proposal ...

Applicable guidance: WISE AUP, AARC-I044 (AUP implementation guide), AARC-G083 (notice management), Governance - primary assets, Governance - risk assessment


  1. Define the purpose of your collaboration (this will be used for your AUP) 
  2. We strongly suggest:
    1. Identifying your primary assets
    2. Completing a risk assessment
    3. Adopting the REFEDS Data Protection Code of Conduct if it is suitable for your research collaboration
    4. Defining your rules of participation and the escalation procedure in case of non-compliance
    5. Any additional legal and regulatory compliance necessary
  3. Define, or agree to adopt as is, the following 6 documents and seek endorsement from the governance body
    Membership management 
    Privacy Policy
    AAOPS
    Security Operational Baseline
    Incident response procedure
    Membership Management
  4. Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
    1. Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/ 
    2. Identify suitable token lifetimes following https://aarc-community.org/guidelines/aarc-g081/
  5. Ensure that the policies are presented to and accepted by the relevant audiences
  6. Publish your documents and responsible parties at a suitable location