Versions Compared

Old Version 2

changes.mady.by.user Hannah Short

Saved on

compared with

New Version Current

changes.mady.by.user Sally Chambers

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Practical steps for adopting AARC’s policy recommendations

...

  1. Identifying your primary assets
  2. Completing a risk assessment
  3. Defining your rules of participation and the escalation procedure in case of non-compliance
  4. Identifying any additional legal and regulatory compliance necessary

...

Document

...

AARC Template

...

Example (where no template is recommended)

...

Attribute Authority Operational Security Policy

...

Attribute Authority Operational Security

...

Acceptable Use Policy

...

WISE AUP

...

Incident response procedure

...

 

...

EOSC, UK-IRISAARC federated incident response procedure

Please visit the Policy Development Kit.  


...

Membership management

...

Membership Management

...

Privacy Policy

...

REFEDS privacy noticeUK-IRIS

...

Security Operational Baseline

...

Security Operational Baseline

...

  1. Identify your assurance requirements following AARC-G031 
  2. Identify suitable token lifetimes following AARC-G081

...

Info
titleRecommendation

The steps above will be elaborated in a future version of the AARC We strongly suggest leveraging the Policy Development Kit to be released in January. We strongly suggest leveraging this work for the following reasons: 

  • Save time -  the templates have been well-researched and adopted in production AAIs by many research communities
  • Speak for the AAI - all components should be bound by a common set of policies to allow you to make accurate statements on security and data protection for the entire infrastructure  
  • Enable access for researchers - some research communities require evidence of the adoption of policies by researchers’ Identity Providers in order for them to be granted access
  • Limit interoperability inconveniences to end users - by adopting common policies, such as the Acceptable Use Policy, together we can decrease the number of clicks required by end users to access services

...