AUDIENCE: RESEARCH COMMUNITY MANAGEMENT

Many of your questions will not be solved by defining your technical stack - arguably some of the most difficult issues relate to policy. Regardless of what software you choose, those responsible for your research community will need to be able to show that the following considerations, among others, have been addressed:

  • How are members identified, verified and removed from the collaboration? 
  • Are all services within the AAI implementing security patches? 
  • What will happen when there is a security incident?
  • Who has access to user data?

AARC’s Policy guidelines are a compilation of best practices and recommendations that help research and e-Infrastructures to implement scalable and cost-effective policy and operational frameworks for their AARC BPA compliant AAIs. These documents aim to ensure three core capabilities for Research Infrastructures: Operational Security, Trustworthy Membership Management and Data Protection. 

The set of necessary policies has been reviewed in AARC-I082 following several years of experience of running the AARC BPA in practice. This document addresses trust across the entire chain of AAI components and aims to remove difficulties in tracing back any information to its original source. Establishing trust becomes more challenging when it is not possible to see which link in the ‘chain’ asserts which information and how trustworthy that link is.

Practical steps for adopting AARC’s policy recommendations

Please visit the Policy Development Kit.  


Recommendation

We strongly suggest leveraging the Policy Development Kit for the following reasons: 

  • Save time - the templates have been well-researched and adopted in production AAIs by many research communities
  • Speak for the AAI - all components should be bound by a common set of policies to allow you to make accurate statements on security and data protection for the entire infrastructure  
  • Enable access for researchers - some research communities require evidence of the adoption of policies by researchers’ Identity Providers in order for them to be granted access
  • Limit interoperability inconveniences to end users - by adopting common policies, such as the Acceptable Use Policy, together we can decrease the number of clicks required by end users to access services

