
  1. Define a unique name for your collaboration (we recommend a DNS name to avoid collisions) 
  2. Identify a governance body to make policy decisions
  3. Define the purpose of your collaboration (this will be used for your AUP) 
  4. We strongly suggest:
    1. Identifying your primary assets
    2. Completing a risk assessment
    3. Defining your rules of participation and the escalation procedure in case of non-compliance
    4. Identifying any additional legal and regulatory compliance necessary
  5. Define the following documents and seek endorsement from your governance body

    | Document | AARC Template | Example (where no template is recommended) |
    |---|---|---|
    | Attribute Authority Operational Security Policy | Attribute Authority Operational Security | |
    | Acceptable Use Policy | WISE AUP | |
    | Incident response procedure | | EOSC, UK-IRIS, AARC federated incident response procedure |
    | Membership management | Membership Management | |
    | Privacy Policy | | REFEDS privacy notice, UK-IRIS |
    | Security Operational Baseline | Security Operational Baseline | |

  6. Review the AEGIS-endorsed policy guidelines required for AARC compliance and ensure their technical implementation, for example:
    1. Identify your assurance requirements following AARC-G031 
    2. Identify suitable token lifetimes following AARC-G081
  7. Ensure that the policies are presented to and accepted by the relevant audiences (e.g. service operators, end users)
  8. Publish your documents and responsible parties at a suitable location 


Recommendation

The steps above will be elaborated in a future version of the AARC Policy Development Kit to be released in January. We strongly suggest leveraging this work for the following reasons: 

  • Save time - the templates have been well researched and adopted in production AAIs by many research communities
  • Speak for the AAI - all components should be bound by a common set of policies to allow you to make accurate statements on security and data protection for the entire infrastructure
  • Enable access for researchers - some research communities require evidence of the adoption of policies by researchers’ Identity Providers in order for them to be granted access
  • Limit interoperability inconveniences to end users - by adopting common policies, such as the Acceptable Use Policy, together we can decrease the number of clicks required by end users to access services