Attribute Authorities (AAs) play one of the most critical security roles in the infrastructure. The data they issue and information they assert must be highly trusted by the parties relying upon it. To that end, AARC recommends that certain practices be adopted by the operators of such services: AARC-G071 Guidelines for Secure Operation of Attribute Authorities. The requirements listed include best practices in encryption, hosting environments, logging and attribute management to name but a few.
...