AUDIENCE: ALL
The AARC Blueprint Architecture (BPA) is a reference framework designed to address the complex identity and access management challenges faced by international research collaborations. Developed through the AARC (Authentication and Authorisation for Research and Collaboration) project series, the BPA provides a set of interoperable architectural building blocks that enable access to research resources across different organisations and infrastructures.
The AARC BPA addresses these challenges by introducing a "community-first" approach to identity and access management. Rather than forcing researchers to navigate multiple institutional boundaries, the architecture enables research collaborations to use federated identities while managing their own access policies and rights. This approach encourages interoperability with institutional identity providers and infrastructure services.
The latest version of the AARC BPA (2025) includes the following layers:
Authentication
- Manages authentication via trusted Identity Providers (IdPs) using, for example, SAML (Security Assertion Markup Language) and OIDC (OpenID Connect)
- May include proxies
Attribute Services
- Manages user attributes
Access Protocol Translation
- Includes Service Provider (SP)-IdP-Proxy and Discovery Service
- Manages notice presentation for privacy policies and Acceptable Use Policies
Authorisation
- Controls access to Services
- Centralises complex authorisation decisions
- Reduces complexity for services
Services
- Protected services (e.g. wikis, APIs, compute resources)
- Supports web-based and non-web-based resources
- May include proxies for cross-infrastructure access
For further details about the AARC BPA, see: https://aarc-community.org/architecture/
