Getting your collaboration trusted as the ‘authoritative source of truth’ by authentication sources and service and infrastructure providers requires that your collaboration functions as intended, both today and in the future.
While collaboration management platform ‘downstream’, towards infrastructures and service providers, appears as an identity provider, it is – at least partially – making the actual identity opaque. The trust in the collaboration is based on its membership management and the adherence of its members to the purpose of the collaboration.
Similarly, towards the ‘identity’ layer - the part of the trust framework for authentication sources, possibly sourced from identity integration components or aggregators – the collaboration management should clarify that ‘access personal data’ is used in accordance with the identity provider requirements, in particular regarding minimisation of this personally identifiable information coming from the identity provider and its retention period.
In its basic form, collaboration management addresses who is responsible for the collaboration – the collaboration manager(s), and what is the membership life cycle – registration, assignment of roles, and group memberships, renewal, suspension, termination.
Large collaborations, and those that operate most of the registration process with specific, bespoke, processes, will need a more comprehensive ‘infrastructure-style’ membership management policy. It could include descriptions of a different enrolment flows, delegation of registration to a network of (home) organisations, or include review processes or a permit system for role assignment.
If you have your collaboration hosted on a platform
When you host your collaboration on a shared platform that offers its services to many communities, the platform usually defines a baseline for some operational aspects of membership management processes and handling ‘access personal data’. It can also help in makeing standard workflow available for collaboration managers, further easing this task.
And a collaboration platform provider will need to ensure the operational security of its platform and the publication of notices like the acceptable use policy and privacy notices. Since these elements are part of collaboration management, the collaboration should verify this capability, for example by reviewing the ‘Snctfi’ aspects of the policy development kit.
Using the PDK Membership Management templates
This informational guideline provides two ‘variants’ of a membership management policy template: one for light-weight collaborations, and a more extensive one for more ‘vertically integrated’ and composite collaborations. These are templates, in that each collaboration should review the proposed processes for suitability, and on adopting the policy fill in the placeholder elements, such as the name of the collaboration.