e-Researcher-Centric Policies - develop the policy framework for communities, providing recommendations for baseline “policy profiles” for users, communities and identity providers, and, through such harmonisation, will reduce the “policy silos” that hinder interoperation. The policy profiles will be defined in close interaction with European and global stakeholders, specifically the e-infrastructures and research infrastructures, so that in the AAI ecosystem every participant is able to rely on well-defined predictable behaviour by the other participants in the infrastructure.
Security for Collaborating Infrastructures Trust Framework says: "Each infrastructure has the following: ... An Acceptable Use Policy (AUP) addressing at least the following areas: defined acceptable and non-acceptable use, user registration, protection and use of authentication and authorisation credentials, data protection and privacy, disclaimers, liability and sanctions" (SCI Version 2 section 6). The AARC2 AUP alignment study aims to draft a common minimum, or 'baseline', AUP text to satisfy these requirements thereby facilitating rapid community infrastructure ‘bootstrap’, easing the trust of users across an infrastructure and providing a consistent and more understandable enrolment for users as users move between communities and project. More information can be found at the links below.
The current draft of the WISE Baseline AUP is available as a Google document here - WISE Baseline AUP template v1.3.
|BBMRI||Received from Petr Holub (15/1/18)|
|CTSC (template policy)||Acceptable Use Policy Template||Linked from Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects as google doc.|
|DAFNI (UKRI)||RCUK_AcceptableUseICTSystemsServices.pdf||Downloaded from STFC homepages 1 November 2014|
Linked from EGI Approved Security Policies
|ELIXIR||Acceptable Usage Policy and Conditions of Use||Based on the Acceptable Usage Policy of EGI, March 2015.|
|HBP collaboratory||Terms and Conditions for Service||Version 1, released on 30 March 2016|
|OSG Connect||Open Science Grid User Acceptable Use Policy||Linked from OSG Security Policies|
|Prace||PRACE Acceptable Use Policy (Sept 2014)||Downloaded from 2014-09-08-PRACE-Acceptable-Use-Policy.pdf|
|SURF||Links provided by Alf Moens (8/2/18)|
|XSEDE||XSEDE Acceptable Use Policy||Linked from XSEDE documentation web pages|
Resulting draft WISE AUP document (v1.3) after discussions at the EOSC-hub/AARC2/EGI/EUDAT/WLCG Joint Security Policy Workshop in Abingdon, UK 19-21/02/2019
This document and the associated Wiki page provide an inventory of currently identified use-cases where there is a requirement that the identity of a user accessing data or using a system or an instrument is assured with higher confidence than provided by an identification consistent with the REFEDS Assurance Framework “Cappuccino” assurance profile.
Identified use-cases come from the life sciences domain, driven by legal restrictions on the processing of human personal data. Assurance requirements include the use of multi-factor authenticators and improved “freshness” of the user’s affiliation.
Milestone Document AARC2-MNA3.5 (submitted Jan 2018) referencing wiki page with requirements identified from use-cases. Futher requirments may be added if identified during the project.
The e-Researcher task also contributes to the Assurance Framework activities in REFEDS (the REFEDS Assurance Framework RAF), the RAF Piloting activities, and the inter-infrastructure exchange of assurance profiles
http://refeds.org/assurance (REFEDS Assurance Framework)