A. Generic
1.Which Research Infrastructure (RI) are you representing?
2. Which field of science are you serving ? (Frascati manual of Fields of Research and Development (FORD)) (can we compile a list!?)
3. Please provide description about the research infrastructure (e.g. which kind of infrastructure and related services are delivered and by whoom, is there a formalised collaboration etc.)
4. Please provide description of the user audience - type of users (research, citizen scientists, industry users), number of users, distribution over the globe and organisations
5. Is the RI member of European Open Science Cloud (EOSC)?
6. Is the RI participating in Citizen Science Programmes or other initiatives or programmes?
B. AAI solution
1.Describe the currently running solution for authentication and authorisation infrastructure (AAI).( Which specific authentication methods being used to cater for different user audience (e.g Institutional accounts (eduGAIN), ORCID, Social media, Others - please specify))
2.Is your AAI solution compliant to AARC BPA (blueprint architecture)?
3.Which AARC guidelines are you implementing? (add the table... )
- YES / NO - Guidelines for expressing community user identifiers (AARC-G026)
- YES / NO - Guidelines on expressing group membership and role information (AARC-G002) (superseded by AARC-G069)
- YES / NO - Guidelines on expressing group membership and role information (AARC-G069)
- YES / NO - Specification for expressing resource capabilities (AARC-G027)
- YES / NO - Guidelines for expressing affiliation information (AARC-G025)
- YES / NO - Inferring and constructing voPersonExternalAffiliation (AARC-G057)
- YES / NO - Exchange of specific assurance information between Infrastructure (AARC-G021)
- YES / NO - Guidelines for evaluating the combined assurance of linked identities (AARC-G031)
- YES / NO - A specification for IdP hinting (AARC-G049) (superseded by AARC-G061)
- YES / NO - A specification for IdP hinting (AARC-G061)
- YES / NO - Specification for hinting an IdP which discovery service to use (AARC-G062)
- YES / NO - A specification for providing information about an end service (AARC-G063)
- YES / NO - Guidelines for Secure Operation of Attribute Authorities (AARC-G071)
4.What is your comments about BPA implementation? (challenges in implementation, challenges in clarity, technical difficulties etc.)
C. Policy for access management
1.Does the Research Infrastructures have an access policy? (the access policy governs who can access the infrastructure, under what conditions)
2. Is there a formalised procedure to manage access rights to services (e.g. cooperation agreement, call for application and evaluation, ad-hoc individual order/access, member of an organisation, etc.)?
3. What are the requirements for identification of the users (e.g. required information, LoA, authentication method)?
4. How do you implement the policy for access management (e.g. how is the individual who can access the research research data/measurement data/your research instrument identified and authorised)?
D. Security
1.Is there a GDPR Data Controller designated for the AAI?
2.Has the AAI designated a security contact to handle security incidents?
3.Does the AAI adhere to SIRTFI or other recognised security frameworks?
E. Workflow
1. Can you describe the research workflows?
F. Requirements
1.Can you describe further requirements, gaps and challenges?