...
- User Base: Who are your users? Are they affiliated with institutions in eduGAIN, external (e.g. guest, citizen science), or a mix?
- Access Requirements: Does the sensitivity of your research require additional access approval mechanisms? Do you need fine-grained access control, or is basic authentication sufficient?
- Scale: How many services do you plan to connect to your AAI? Which protocols do they require? What is a realistic estimate of effort required to migrate all users and services from one AAI to another in case of a crisis?
- Existing Infrastructure: Do you have an identity provider (IdP) or group management service already?
- Sustainability: Can you commit operational resources, or do you need a hosted service? For how long will your AAI be required? Will your available support level be able to increase with growth of participating institutes or services?
- Environment specific requirements: Do you need any physical connectivity to dedicated networks? Are IT interventions restricted to fixed time windows? Do you have any other unusual requirements that may not be supported by off the shelf solutions?
- Governance: Who will take responsibility for policy decisions regarding your AAI? Do they have enough authority over your research community to make high level statements and decisions, e.g. for data protection, security policy requirement etc?
...