...
Stated compliance with the AAOPS guidelines may help to establish trust between the Collaboration and its AA, and Relying Parties. In the interest of scalability, these guidelines are intended to facilitate the assessment of AA Operators rather than individual AAs or Collaborations. The document does not provide guidance on the management (life cycle, technical implementation, exchange protocols, etc.) of attributes, or on the processes by which attributes are entered into the AA.
...
How should I adopt AARC-G071?
In AARC-G071, Guidelines for Secure Operation of Attribute Authorities, the requirements are presented in purple boxes, with additional information around them. Importantly, a distinction is made between "pull" and "push" attribute assertion:
- attribute authorities that permit binding of properties to entities by means of lookup in which the entity whose properties are sought is the key in the look-up (‘pull model’)
- attribute authorities that issue (usually integrity-protected and, optionally, confidentiality-protected) statements in which attributes are asserted (‘push model’)
Recommendations:
- AA Operators should abide by the requirements of AARC-G071, to attain and maintain the trust of their relying parties.
...