
Proposers

Name | Organisation
Slávek Licehammer & Pavel Břoušek | CESNET



GN4-3 project team

Name | Organisation | Role
Jan Pavlíček | CESNET | Developer, TIM student
Pavel Břoušek | CESNET | Mentor



Stakeholders

Name | Organisation | Role
Slávek Licehammer | CESNET | Stakeholder


Activity overview

Description

The primary goal of the Authentication and Authorization Infrastructure (AAI) is to provide centralized authentication and authorization mechanisms. In an AAI-based environment, one such authorization rule might be the fulfilment of policy requirements set, e.g., in an AUP document defined by the community, service provider, or organizational unit. In general, when the resource owner or provider decides that a specific policy has to be enforced when the resource is used, the AAI needs to provide a mechanism for both sides to manage and fulfil this requirement. These rules need to cover several cases, e.g. active use of the resource (such as a web-based service login) as well as just-in-case scenarios such as data provisioning.


Activity goals

This topic aims to explore enforcing the acceptance of Acceptable Use Policies (AUPs) as part of managing access to resources. We would like to understand which parties (e.g. user communities, e-infrastructures, resource owners, …) need to be involved in the process and how to combine their requirements. Based on the analysis, we will develop a web-based application that provides tools to manage AUPs at a central level (within the AAI) and lets users approve such a policy document, recording the act of approval.

Activity Details

Technical details

The outcome should be a web application consisting of several modules. The first module will provide tools for resource owners to define the policies. The second module will let users approve the policy requirements. A further module will act as the integration point of this component into the AAI environment, i.e. by providing an API to query whether the policy authorization requirements have been satisfied.


Business case

Resource owners need tools to set up policy enforcement. On the other end of the process, a user of the resource needs to be able to mark the fulfilment of such a requirement, e.g. by declaring that they accept the contents of the AUP document and promise to follow the rules it describes.


Risks
  • application is not finished in time
  • application cannot be integrated with a popular identity management system



Data protection & Privacy

The application handles almost no user data directly. Authentication will be abstracted by OIDC; only the user identifier (the OIDC sub claim) will be handled.


Definition of Done (DoD)
  • web app allows management (creation and editing) of AUP texts
  • API provides a way to retrieve and approve AUPs
  • user- or admin-facing parts are internationalized
  • app is integrated with at least one identity management system



Sustainability

The final product will be tested as a part of the Life Sciences AAI (LS AAI), utilising the Proxy Identity Provider (SaToSa) and the Identity Management System (Perun) as the integration points.

Activity Results

Results

Meetings

Date | Activity | Owner | Minutes
July 20, 2022 | Kickoff meeting | Niels van Dijk |
October 25, 2022 | Public demo | Niels van Dijk |
December 15, 2022 | Final demo | Niels van Dijk |

Documents