...
Completed Documents
Guidelines
| ID | Title | Summary | Links | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
AARC-G002 Supersedes: AARC-G001 (June 13, 2017) (was AARC-JRA1.4A) | Guidelines on expressing group membership and role information | Information about the groups a user is a member of is commonly used by SPs to authorise user access to protected resources. Apart from the group information that is managed by the user’s home IdP, research communities usually operate their own group managing services. Such services often act as Attribute Authorities, maintaining additional information about the users, including VO membership, group membership within VOs, as well as user roles. It is therefore necessary that all involved SPs and IdPs/AAs can interpret this information in a uniform way. Specifically, the following challenges are addressed by this document:
| AARC-JRA1.4A (201710) [PDF] Older versions AARC-JRA1.4A (1.0) [PDF] |
| ||||||
| AARC-JRA1.4B | Guidelines on attribute aggregation |
| ||||||||
| AARC-JRA1.4C | Guidelines on token translation services |
| ||||||||
| AARC-JRA1.4D | Guidelines on credential delegation |
| ||||||||
AARC-JRA1.4E | Best practices for managing authorisation |
| ||||||||
| AARC-JRA1.4F | Guidelines on non-browser access |
| ||||||||
| AARC-JRA1.4G | Guidelines for implementing SAML authentication proxies for social media identity providers |
| ||||||||
| AARC-JRA1.4H | Account linking and LoA elevation use cases and common practices for international research collaboration |
| ||||||||
| AARC-JRA1.4I | Best practices and recommendations for attribute translation from federated authentication to X.509 credentials |
|