The AARC Blueprint Architecture (BPA) provides a proven, interoperable framework for Authentication and Authorisation Infrastructure (AAI) that supports scalable, secure and sustainable access to research services.
For Researchers:
Simplified access through single institutional credentials, eliminating multiple accounts and reducing authentication friction so that researchers can focus on research.
For Research Collaborations:
Managed membership and access policies independent of institutional boundaries, supporting both small projects and large international infrastructures.
For Service Providers:
Reduced integration effort via a proxy-based model that hides federation complexity and enables advanced access control without bespoke authorisation logic.
For Infrastructure Operators:
A scalable, multi-tenant AAI model that supports multiple communities efficiently while sharing operational costs and maintaining appropriate isolation.
For Security and Risk Management:
Centralised policy enforcement, logging and incident response; support for assurance frameworks; cryptographically secured trust relationships.
For Funders:
Avoids duplication of effort by scarce identity experts, enables scalable policy and technology standards, and supports European and global collaboration.
For the Research Ecosystem:
Enables true interoperability across research infrastructures, breaking down silos and supporting cross-infrastructure access. The architecture is sufficiently flexible to integrate emerging identity technologies such as European Digital Identity Wallets and OpenID Federation.
Overall, the AARC BPA is a mature, widely adopted solution that underpins sustainable, interoperable identity management for modern, international research collaboration.
Research collaborations should prioritise establishing an AARC-compliant AAI as an early cornerstone in the development of their infrastructure. As the pressure on researchers to engage with research infrastructures increases, it will be tempting to adopt sub-optimal AAI mechanisms that will ultimately impact research productivity. Early investment in a common, AARC-compliant AAI significantly reduces long-term costs, operational complexity and disruption, compared to retrofitting identity solutions once communities are already established.
An Authentication and Authorisation Infrastructure (AAI) manages digital identities, authenticates users, and controls access to protected resources. However, implementing and operating an AAI goes far beyond technical components.
From an organisational perspective, establishing an AAI requires substantial coordination across multiple stakeholders. Institutions must align their identity management policies, agree on common attribute schemas, and establish trust relationships with partner organisations. This process often involves lengthy negotiations between legal, privacy and technical teams to ensure compliance with various regulatory frameworks whilst maintaining operational flexibility.
The organisational overhead of AAI management includes ongoing responsibilities for user lifecycle management, policy enforcement, incident response and compliance monitoring. Organisations must establish clear governance structures to manage identity federation relationships, handle disputes, and adapt to changing community and legislative requirements. The complexity increases significantly in international collaborations where different cultural norms, legal frameworks, privacy regulations and institutional policies must be negotiated.
Furthermore, AAIs require ongoing investment in staff training, system maintenance and security monitoring. Organisations must maintain expertise in identity federation protocols, security best practices and regulatory compliance, whilst managing the operational burden of supporting diverse user communities with varying technical capabilities and access requirements.
The AARC Community recommends continued and strengthened support for shared AAI solutions (hosted services or open-source software) because they deliver system-wide benefits:
More research, less overhead:
Seamless AAI reduces time spent managing accounts and access.
Improved security and accountability:
Centralised access control and logging simplify incident detection and response.
Efficiency and reuse:
Shared solutions prevent duplication and accelerate project set-up.
Better use of expertise:
Service providers focus on research services, while AAI specialists improve shared identity infrastructure. This is especially critical for cross-domain resource sharing.
Policy agility:
Common AAIs provide a central point for enforcing and communicating evolving funding and compliance policies.
Lower costs and sustainability:
Shared investment reduces duplication and ensures long-term viability.
Alignment with public values:
Community-governed AAIs reduce reliance on commercial providers and preserve academic control and resilience.
Stronger global collaboration:
Trusted, cross-border access mechanisms amplify the impact of funded infrastructures across the global research ecosystem.
Funding agencies should not only fund shared AAI solutions and hosted services but also require early involvement of AAI operators in grant proposals, ensuring best practices are followed and avoiding delays or sub-optimal implementations due to late or unfunded AAI integration.