Membership Management Policy for <Collaboration name>

This policy is effective from <insert date>.

The current collaboration manager can be found at <insert link>.

INTRODUCTION 

This policy establishes practices that are adopted by <collaboration X> in the management of its members. Accurate management of a collaboration’s members and their authorisation attributes is fundamental to ensuring secure access control. Trust between <collaboration X>, underlying infrastructure and partner collaborations may be established by rigorous application of this policy. 

COLLABORATION MANAGER

<Collaboration X> defines a Collaboration Manager role and assigns this role to two or more individuals. The Collaboration Manager is responsible for meeting the requirements identified in this policy. This responsibility may be devolved to designated personnel in the Collaboration or in the Infrastructure, and their trusted agents (such as Institute Representatives or Resource Centre Managers).

MEMBERSHIP LIFE CYCLE REQUIREMENTS 

Membership Life Cycle: Registration

Membership Registration is the process by which an applicant joins the Collaboration and becomes a Member. Registration Data must be collected at the time of Registration, verified and stored in compliance with the Privacy Notice [ref]. Reasonable efforts must be made to validate the data.

Membership Life Cycle: Assignment of Attributes

Assignment of attributes (such as group membership, entitlements, or roles) shall be the responsibility of the Collaboration Manager or of designated person(s).
Attributes shall be assigned only for as long as they are applicable.

Membership Life Cycle: Renewal

Membership Renewal is the process by which a User remains a member. Renewal procedures shall:
* ensure that accurate Registration Data is maintained
* confirm continued eligibility of the User to use Resources assigned to the Collaboration
* confirm continued eligibility of the User to any attributes
* ensure the reaffirmation of acceptance of the Collaboration AUP
The maximum time span between Registration and Renewal, and between Renewals, shall be <INSERT RENEWAL TIMESPAN>. The User shall be able to correct and amend their Registration Data at any time.

Membership Life Cycle: Suspension

The Suspension of Collaboration membership is the temporary revocation of full or partial rights and of any attributes. Suspension is done by or on behalf of the Collaboration Manager. 
A User should be suspended when the Collaboration Manager is presented with reasonable evidence that the member’s identity or credentials have been used, with or without the user’s consent, in breach of relevant Policy.
The Collaboration Manager must act on any requests for suspension without delay.
A User’s rights shall not be reinstated unless the Collaboration Manager has sent timely prior notification to all those who requested Suspension.

Membership Life Cycle: Termination

The Termination of Collaboration membership is the removal of a member from the Collaboration. Following Termination, the former member is no longer eligible to use Infrastructure Resources assigned to the Collaboration. The Collaboration must no longer assert membership or attributes for the former member.
In the absence of overriding reasons, a request by the User for removal must be honoured.
The events that shall trigger possible termination of the User’s membership of the Collaboration include:
* failure to complete a membership Renewal process within the allotted time
* end of participation of the User in the Collaboration

REGISTRATION DATA REQUIREMENTS

The Registration data for a User comprises verified information:
* family name(s)
* given name(s)
* the employing organisation name and address
* a professional email address
* unique and non-reassigned identifier(s) of the User and the source of authority of each identifier
* <Add or delete lines as required>
and is recommended to contain:
* professional contact telephone number so as to inform the User promptly during the investigation of security incidents and of lifecycle events
* other contact information, as voluntarily provided and maintained by the User.
The types of information recorded must be listed in the Privacy Notice.

AUDIT AND TRACEABILITY REQUIREMENTS

The Collaboration records and maintains an audit log of all membership lifecycle transactions. This audit log is kept for a minimum period consistent with the Traceability and Logging Policies of all Infrastructures that provide resources to the Collaboration. The transactions logged include:
* membership,
* assignment of or change to a member’s attributes,
* membership renewal,
* membership suspension,
* membership termination or re-evaluation.
Each logged event should record the date and time, the originator, the details of the event, and whether or not it was approved. The identity of the person granting or refusing the request should be recorded, including any verification steps involved and other people consulted.

ACCEPTABLE USE POLICY REQUIREMENTS

<Collaboration X> defines an Acceptable Use Policy (AUP) [ref]. The AUP must be shown to all persons joining the Collaboration. Acceptance of the AUP by Collaboration members who act as responsible persons towards the Infrastructure must be an explicit action, must be recorded, and must be a prerequisite for registration in the Collaboration [ref]. The AUP should raise awareness of inappropriate actions by individual users that may affect the ability of other members to use an infrastructure.


Attribution