Attribute Authorities play one of the most critical security roles in the infrastructure. The data they issue and information they assert must be highly trusted by the parties relying upon it. To that end, AARC recommends that certain practices be adopted by the operators of such services: AARC-G071 Guidelines for Secure Operation of Attribute Authorities. The requirements listed include best practices in encryption, hosting environments, logging and attribute management to name but a few.

To make safe authorisation decisions, Relying Parties need to be able to identify and trust the issuer or provider of an attribute assertion, and know to which Collaboration it pertains. In a typical scenario, a Collaboration designates one or more AA Operators to operate AAs, and informs Relying Parties of any related metadata necessary for Relying Parties to connect to or use the AA. The attributes are securely held by the AA and delivered on request to authorised Relying Parties, either directly or by way of the user. Authentication sources and Collaboration Management should abide by the minimum requirements and recommendations for the secure operation of Attribute Authorities [see AARC-G071 Resources], and similar services providing statements for obtaining access to Infrastructure services.

These attributes may be aggregated with identity assertions, such as those delivered from a directory or group management system, or with attribute or capability tokens as asserted by an AARC BPA Proxy.

...

Do we need more details on the content of G071?

Recommendations:

  • AA Operators should abide by the requirements of AARC-G071, to attain and maintain the trust of their relying parties.

Resources

...