...
Implementing an Authentication and Authorisation Infrastructure (AAI) that is compliant with the AARC Blueprint Architecture (BPA) requires navigating a range of technical, policy, and organisational decisions. This section provides practical guidance for prospective implementers - whether you are a research community, infrastructure operator, or service provider - based on maturity level, available resources, and interoperability goals.
...
- User Base: Who are your users? Are they affiliated with institutions in eduGAIN, external (e.g. guest, citizen science), or a mix?
- Access Requirements: Does the sensitivity of your research require additional access approval mechanisms? Do you need fine-grained access control, or is basic authentication sufficient?
- Scale: How many services do you plan to connect to your AAI? Which protocols do they require? What is a realistic estimate of effort required to migrate all users and services from one AAI to another in case of a crisis?
- Existing Infrastructure: Do you have an identity provider (IdP) or group management service already?
- Sustainability: Can you commit operational resources, or do you need a hosted service? For how long will your AAI be required? Will your support capacity be able to scale as the number of participating institutes or services grows?
- Environment-specific requirements: Do you need any physical connectivity to dedicated networks? Are IT interventions restricted to fixed time windows? Do you have any other unusual requirements that may not be supported by off-the-shelf solutions?
- Governance: Who will take responsibility for policy decisions regarding your AAI? Do they have enough authority over your research community to make high-level statements and decisions, e.g. on data protection, security policy requirements, etc.?
Step 2: Define your Policies
Further guidelines are provided in the policy section. For practical steps for adopting AARC's policy recommendations, please visit the Policy Development Kit.
Step 3: Choose an Implementation Path
The following flow chart may help you frame the necessary questions to understand whether to use a hosted AAI platform or run your own.
Option 1:
...
Complete AAI Platform, hosted by a third-party supplier
Wherever possible, the AARC community recommends using a hosted platform to gain the benefits mentioned previously.
...
- Staffing: Assign roles for technical operations, security, policy coordination, and user support. Ensure adequate personnel are in place for technical assistance.
- Monitoring: Track login flows, token issuance, and service usage.
- Updates: Stay aligned with emerging AARC TREE recommendations (e.g. support for OIDC Federation, digital wallets).
- Governance: Ensure stakeholders agree on responsibilities, especially if federating across institutions or countries.
- Funding: Secure ongoing resources (rather than project-based funding) for operational continuity.
