...

The security baseline gives you the outline of the security measures that help you participate in federation and provide trustworthy services. It relies on SIRTFI, the Security Incident Response Trust Framework for Federated Identity, and helps you identify, mitigate, and resolve security incidents in your own service and in those of your peers. Remember: you will typically discover a security incident quite a long time after the intrusion actually happened, so keeping logs is particularly important! And exercising the communication channels regularly is needed to make sure they work when an emergency occurs.

Adopting it as an authentication source or collaboration

The AARC BPA identifies the collaboration layer as a key control point for resource access: as a collaboration, you hold critical data on 'who did what when', and are the most effective place to control access to resources and protect the infrastructures you use. You may be notified of security events by infrastructures and resource providers, since they will often identify anomalous behaviour first and have a definite interest in stopping the abuse. The collaboration and the home organisation are the only ones in the AARC BPA that can associate the identifiers at the infrastructure and service layer with actual users. You are an essential part in stopping the incident from spreading and causing more harm!

How does the Security Operational Baseline fit into an AARC BPA compliant infrastructure?

Operational security is of course much more than AAI, but identity plays a critical role: as users 'traverse' the layered AARC BPA, they acquire additional identifiers and gain access to resources by virtue of their role, group memberships, and capabilities. Each of the layers in the AARC BPA provides control points to mitigate incidents and prevent the impact from spreading.

Also keep in mind that each layer in the AARC BPA may keep its own state about user sessions: even if an account is blocked at, for example, the identity layer, there may still be sessions, tokens, or assertions active at the collaboration, infrastructure, or site-local layers. Therefore cooperation across layers is essential, and reporting security events and (potential) compromises to your partners is very important.
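The layered session state described above, as an added example that is not part of the AARC baseline: a toy Python model in which the collaboration layer holds the links between identifiers, lists the sessions that are still live after a block at the identity layer, and propagates the block downstream. Layer names follow the AARC BPA; all identifiers, tokens and expiry times are constructed for illustration.

```python
from dataclasses import dataclass, field

# Added example, not part of the AARC baseline: a toy model of the per-layer
# session state the text describes. Identifiers and expiry times are made up.
@dataclass
class Session:
    layer: str      # identity | collaboration | infrastructure | site
    subject: str    # identifier as known at that layer
    expires: int    # epoch seconds
    revoked: bool = False
@dataclass
class LayeredState:
    # The collaboration/proxy keeps the links from a home-organisation
    # identifier to the identifiers it issued downstream ('who did what').
    links: dict = field(default_factory=dict)     # parent id -> [child ids]
    sessions: list = field(default_factory=list)

    def derived_ids(self, root):
        """Every identifier reachable from `root`, across all layers."""
        seen, stack = set(), [root]
        while stack:
            cur = stack.pop()
            if cur not in seen:
                seen.add(cur)
                stack.extend(self.links.get(cur, []))
        return seen

    def still_active(self, root, now):
        """Sessions tied to `root` that a block at one layer did not end."""
        ids = self.derived_ids(root)
        return [s for s in self.sessions
                if s.subject in ids and not s.revoked and s.expires > now]

    def block_everywhere(self, root):
        """Propagate the block: revoke every live session derived from `root`."""
        ids = self.derived_ids(root)
        hit = [s for s in self.sessions if s.subject in ids and not s.revoked]
        for s in hit:
            s.revoked = True
        return len(hit)
def demo_state():
    st = LayeredState()
    st.links = {"alice@home.example": ["coll-7f3a"], "coll-7f3a": ["infra-tok-91", "site-uid-4421"]}
    st.sessions = [
        Session("identity", "alice@home.example", 1_700_086_400, revoked=True),
        Session("collaboration", "coll-7f3a", 1_700_086_400),
        Session("infrastructure", "infra-tok-91", 1_700_003_600),
        Session("site", "site-uid-4421", 1_700_000_100),  # expires soon
    ]
    return st
```

With the identity-layer account already blocked, `still_active` still reports three live downstream sessions until `block_everywhere` is run, which is exactly the gap the text warns about.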

The twelve points to protect your resources and data

...