...
Guideline 071 (previously known as G048 revision 2 G048bis) evolved and clarifies the scope of the guidance for Attribute Authority operators. Specifically, we realise that the AAOPS guidelines are applicable not only ot to the membership management services, but are equally relevant for the other proxy components. In the revision process, we look at generalising the guidance so that attribute-specific elements are removed and more flexibility is added to cater do the various proxy delivery models (as-a-service, bespoke, multi-tenant, and on-prem).
Comments and suggestions to this pre-publication are were invited from the AARC Community policy list, AEGIS, community and the IGTF - at this stage by email to the authors or comments to this Wiki page, and endorsed by AEGIS on April 11th, 2022:
- AARC-G071Guidelines for Secure Operation of Attribute Authorities and issuers of statements for entities (OfficeXML document)
- Pre-publication also Official publication in Zenodo (https://doi.org/10.5281/zenodo.5927799) also here as PDF document
The document above has been consolidated from the Google document that had received feed-back in 2021. That version has been re-formatted for readability, and an acklowledgement section and list of authors and contributors has been added to it. The Google document, and its comment history, are preserved here:
...