Getting your collaboration trusted as the ‘authoritative source of truth’ by authentication sources and service and infrastructure providers requires that your collaboration functions as intended, both today and in the future.
While the collaboration management platform appears ‘downstream’, towards infrastructures and service providers, as an identity provider, it is – at least partially – making the actual identity opaque. The trust in the collaboration is based on its membership management and the adherence of its members to the purpose of the collaboration.
Similarly, towards the ‘identity’ layer – the part of the trust framework for authentication sources, possibly sourced from identity integration components or aggregators – the collaboration management should clarify that ‘access personal data’ is used in accordance with the identity provider requirements, in particular regarding minimisation of this personally identifiable information coming from the identity provider and its retention period.
In its basic form, collaboration management addresses who is responsible for the collaboration (the collaboration manager or managers) and what the membership life cycle is: registration, assignment of roles and group memberships, renewal, suspension, and termination.
Large collaborations, and those that operate most of the registration process with specific, bespoke processes, will need a more comprehensive ‘infrastructure-style’ membership management policy. It could include descriptions of different enrolment flows, delegation of registration to a network of (home) organisations, or include review processes or a permit system for role assignment.
If you have your collaboration hosted on a platform
When you host your collaboration on a shared platform that offers its services to many communities, the platform usually defines a baseline for some operational aspects of membership management processes and handling ‘access personal data’. It can also help by making standard workflows available for collaboration managers, further easing this task.
And a collaboration platform provider will need to ensure the operational security of its platform and the publication of notices like the acceptable use policy and privacy notices. Since these elements are part of collaboration management, the collaboration should verify this capability, for example by reviewing the ‘Snctfi’ aspects of the policy development kit.
Membership Management Policy Development
The informational guideline AARC-I086 on membership management policy development, part of the AARC Policy Development Kit, provides membership management policy templates for use in both light-weight and composite (infrastructure) collaborations. The policy templates can be used by collaborations and should be adapted before adoption. The light-weight template provides placeholder elements, such as the name of the collaboration, which can be filled in for seamless adoption. Adopting structured collaboration management facilitates trust by identity sources (ability to obtain more relevant authentication and identity attributes) and trust by infrastructures and service providers.
Using the PDK Membership Management templates
This informational guideline provides two ‘variants’ of a membership management policy template: one for light-weight collaborations, and a more extensive one for more ‘vertically integrated’ and composite collaborations. These are templates, in that each collaboration should review the proposed processes for suitability, and on adopting the policy fill in the placeholder elements, such as the name of the collaboration.
| Template | Document |
| --- | --- |
| PDK v1 (infrastructures) | https://docs.google.com/document/d/1rVfpEGv_QIvf9V2gwtRS24kQfa3SYdbefAvaLnNpVa8 |
| PDK v2 (collaborations) | https://docs.google.com/document/d/1mT6DhJxMg2APQlicE0UfjYjAfoZc1DqUJKQCZt_P4Q0 |