AUDIENCE: ALL

The AARC Blueprint Architecture (BPA) is a reference framework designed to address the complex identity and access management challenges faced by international research collaborations. Developed through the AARC (Authentication and Authorisation for Research and Collaboration) project series, the BPA provides a set of interoperable architectural building blocks that enable access to research resources across different organisations and infrastructures.

The AARC BPA addresses these challenges by introducing a "community-first" approach to identity and access management. Rather than forcing researchers to navigate multiple institutional boundaries, the architecture enables research collaborations to use federated identities while managing their own access policies and rights. This approach maintains interoperability with institutional identity providers and infrastructure services. See https://aarc-community.org/architecture/ 

AUDIENCE: FUNDING AGENCIES

An Authentication and Authorisation Infrastructure (AAI) manages digital identities, authenticates users, and controls access to protected resources. However, implementing and operating an AAI goes far beyond technical components.

From an organisational perspective, establishing an AAI requires substantial coordination across multiple stakeholders. Institutions must align their identity management policies, agree on common attribute schemas, and establish trust relationships with partner organisations. This process often involves lengthy negotiations between legal, privacy, and technical teams to ensure compliance with various regulatory frameworks whilst maintaining operational flexibility.

The organisational overhead of AAI management includes ongoing responsibilities for user lifecycle management, policy enforcement, incident response, and compliance monitoring. Organisations must establish clear governance structures to manage identity federation relationships, handle disputes, and adapt to changing community and legislative requirements. The complexity increases significantly in international collaborations where different cultural norms, legal frameworks, privacy regulations, and institutional policies must be negotiated.

Furthermore, AAIs require ongoing investment in staff training, system maintenance, and security monitoring. Organisations must maintain expertise in identity federation protocols, security best practices, and regulatory compliance whilst managing the operational burden of supporting diverse user communities with varying technical capabilities and access requirements.
