Page History

...

1. Which Research Infrastructure (RI) are you representing?
2. Which type of science are you serving ? (Frascati manual of Fields of Research and Development (FORD)) (can we compile a list!?)
3. Please provide description about the research infrastructure (e.g. which kind of instrastructure and related services are delivered and by whoom, is there a formalised collaboration etc.)

   • Would it help to provide options for the service types? E.g. Please select the most appropriate service types for services in your RI:
     a. Browser Accessible Service: A service that provides a web interface that can be accessed by users using their browsers (e.g. A research data visualisation tool accessible through a web browser).

     b. API Consumed by or on behalf of Users: A service that provides an API that can be consumed programmatically by the end users or by other services using user-delegated credentials. (e.g. A data analysis API allowing researchers to programmatically retrieve and analyse datasets).

     c. API Consumed by Services: A service that provides an API meant to be consumed by other services. These services do not act on behalf of the user but have their own access rights to the API (e.g. A workflow management system might offer an API for other services to submit data jobs, monitor progress, and retrieve results.).

     d. Client consuming Service APIs using delegated user identities: A client that uses access tokens authorised/delegated by end users and which can use these access tokens to access “APIs Consumed by or on behalf of Users” (e.g. A research collaboration platform might offer an API for data analysis tools. Researchers can authorise these tools to access their research data stored on the platform using delegated access tokens).

     e. Client consuming other Service APIs using its own client identity: A client that uses its own identity and access token to access “APIs Consumed by Services” (e.g. A tool accessing a storage service API using its own client credentials to transfer data).

     f. Public Access: A service that does not require users to be authenticated and authorised before they can access its resources (e.g. A public dataset repository where anyone can access datasets without needing to log in). - two sides to this question: on ingress of data into a data source, and on egress, which may be un-authenticated. Does your infra need to distinguish between these two cases?
     

4. Please provide description of the user audience (e.g. number of users, distribution over the globe and organisations)
   
   • Would it make sense to also ask for the specific authentication methods being used (e.g Institutional accounts (eduGAIN), ORCID, Social media, Others - please specify)
5. Do you (also) cater for users from the citizen scientists or industry users? 
6. Is the RI member of European Open Science Cloud (EOSC)?
7. Is the RI participating in Citizen Science Programmes or other initiatives or programmes?

B. AAI solution

(probaly 2 sets of question based on the BPA knowledge level - BPA begineer/rookie vs BPA savvy/advanced user)

1. Describe the currently running solution for authentication and authorisation infrastructure (AAI).

2. Is your AAI solution compliant to AARC BPA (blueprint architecture)?
3. Which AARC guidelines are you implementing? (add the table... )
4. What  is your comments about BPA implementation? (challenges in implementation, challenges in clarity, technical difficulties etc.)

• YES / NO - Guidelines for expressing community user identifiers (AARC-G026)
• YES / NO - Guidelines on expressing group membership and role information (AARC-G002) (superseded by AARC-G069)
• YES / NO - Guidelines on expressing group membership and role information (AARC-G069)
• YES / NO - Specification for expressing resource capabilities (AARC-G027)
• YES / NO - Guidelines for expressing affiliation information (AARC-G025)
• YES / NO - Inferring and constructing voPersonExternalAffiliation (AARC-G057)
• YES / NO - Exchange of specific assurance information between Infrastructure (AARC-G021)
• YES / NO - Guidelines for evaluating the combined assurance of linked identities (AARC-G031)
• YES / NO - A specification for IdP hinting (AARC-G049) (superseded by AARC-G061)
• YES / NO - A specification for IdP hinting (AARC-G061)
• YES / NO - Specification for hinting an IdP which discovery service to use (AARC-G062)
• YES / NO - A specification for providing information about an end service (AARC-G063)
• YES / NO - Guidelines for Secure Operation of Attribute Authorities (AARC-G071)

...

1. Can you describe the research workflow? 

(consider 2 aspects: producer side and consumer side)

Based on the workflow we could ask sub-quesions such as:

• Are the research data and databases of the Research Infrastructure accessible
  • yes, they are continuously accessible both inside and outside the institution
  • yes, they are continuously accessible from within the institution
  • Accessible to others on a case-by-case basis
  • Not accessible to others
• During the access of the Research Infrastructure which method is used (more than one option can be marked):
  • Providing measurement/database access based on research collaboration
  • Provision of measurement/database access for based on a contract
  • Measurements/database access with customer/requester access
  • Taking measurements/database access by providing online/remote access
  • Measurements/database access with data processing and evaluation
  • Other: (describe)
• We could consider the following questions to understand if their AAI acts as a Community AAI, Infrastructure Proxy or both (alternatively these questions could be moved to Section B - AAI solution):
  • Do users of your Research Infrastructure access services provided by other Infrastructures using your AAI? If yes, can you describe? (Please also mention your future plans in this area)

  • Do users of other infrastructures access services provided by your Research Infrastructure using your AAI? If yes, can you describe? (Please also mention your future plans in this area.)

E. Requirements

(collect generic answers  via E.1 question, then discuss in details with E.2 questions ad quideline)

1. Can you describe further requirements, gaps and challenges?
2. As we collect the answers, we will try to identify common requirements. We can use the EOSC AAI requirements as basis for this: 

• Stronger Authentication Methods → Is the requirement to have stronger authentication methods in general, or is it specifically for accessing sensitive data? Stronger authentication methods could be employed to support the requirement for access to sensitive data.
• Develop a policy requiring the community participants to provide a centralised point for managing data release decisionas
• Support for EU Digital Identity Wallets (EUDI Wallet)  —  needs explanation/short presentation what purpose it can be used for.
• Better user experience for authentication process
• Scalable solution limiting the number of consent requests in compliance with the GDPR
• Develop a sustainable solution for managing (de)provisioning rules in the locally deployed solutions of participating entities and transferring them through EOSC AAI to the end-service integration point. (Manage locally and transfer them through the whole flow)
• Dynamically establishing trust in a distributed environment
• Provide solutions for an identity beyond the research and education community in support of public sector and private sector services.
• Scalable authorization model in EOSC AAI - also requires explanation
• Identity Vetting

What about Policy related questions, e.g.:

...