An analysis of the improvements required on PDK v1 is included in https://doi.org/10.5281/zenodo.15506826
| Research Governance | Users | Identity | Collaboration Management | Infrastructure Integration and Service Providers |
|---|---|---|---|---|
| Rules of Participation | Membership Management | Service Levels 'AIC' Security ????????? - ASK DAVID | ||
| Identification of Primary Assets | WISE AUP | WISE AUP | WISE AUP | |
| Research Risk Assessment | Attribute Authority Operational Security | Attribute Authority Operational Security | ||
| Escalation Procedure | Sirtifi | Security Operational Baseline | Security Operational Baseline | |
| Legal and Regulatory Complience | (EEA) Privacy Notice | REFEDS DP CoCo | REFEDS DP CoCo | REFEDS DP CoCo |
| WISE AUP and Privacy Notice | Sensitive Data Access (Policies) | Sensitive Data Access (Enforcement) | ||
| REFEDS Assurance Framework | Assurance Requirements | Assurance Requirements | ||
| Incident Response Procedure | Incident Response Procedure | |||
| Sirtifi | Sirtifi | |||
| Notice management (presentation) | Notice management (provision) | |||
| Privacy Notice | Privacy Notice | |||
| No Work Needed | Reference Externally | Work Need | Out of Scope | Not a Policy |
Steps to getting started with Policies for a Collaboration
- Define a unique name for your collaboration (recommend DNS)
- Identify a governance body to make policy decisions
- We strongly suggest (although this is out of scope here)
- Identifying your primary assets
- Completing a risk assessment
- Defining your rules of participation and the escalation procedure in case of non-compliance
- Any additional legal and regulatory compliance necessary
- Define the purpose of your collaboration → this will be used for your AUP
- Define, or agree to adopt as is, the following 6 policies and seek endorsement from the governance body
- Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
- Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/
- Identify suitable token lifetimes
- Ensure that the policies are presented to and accepted by the relevant audiences
- Publish your policies at a suitable location
| Document | AARC template for interoperability | Examples |
|---|---|---|
| Membership management | Membership Management | |
| AUP | WISE AUP | |
| Privacy Policy | REFEDS privacy notice | |
| AAOPS | Attribute Authority Operational Security | |
| Security Operational Baseline | Security Operational Baseline | |
| Incident response procedure | EOSC, UK-IRIS, AARC federated incident response procedure |