Trust and Identity Policy Working Group

The Trust and Identity Policy Working Group has reviewed a set of policies that can be used by research collaborations, to enable trusted and secure collaboration across multiple services and organisations.

Ensuring that researchers can easily collaborate across national research organisations, facilities and services is a challenge. To address this issue, the AAF has coordinated a Trust and Identity Policy Working Group (T&I PWG), with the objective to identify a set of common policies that can be used by research collaborations, enabling trusted and secure collaboration across multiple services and organisations. 

The AAF is not starting from scratch, we are building on the learnings from the EUs Authentication and Authorisation for Research Collaborations (AARC) organisation who has created a Policy Development Kit (AARC PDK) for just this purpose.

The policy templates in that kit cover all aspects of identity management within a research collaboration including privacy, membership management and critical incident management.

The AARC PDK identifies who is responsible for each policy, the target audience, and provides valuable questions organisations can ask themselves to assist with the process.  

In collaboration with fellow National Collaborative Research Infrastructure Strategy (NCRIS) funded facilities the T&I PWG has reviewed the Australian context, and considered whether this AARC PDK is appropriate for Australian research. The T&I PWG has reviewed the templated policies, both in the context of their own policy suites and within the terms of collaborations they are currently operating or are considering.

We aim to establish a standard set of policies that will support easy access to data and compute and enable research greater collaboration nationally and internationally. 

Key considerations

Key considerations that the T&I PWG focussed on include how a system-wide policy approach would:

Define the roles and the responsibilities of all facilities and users of their services.
Define the expected behaviour of all facilities and users of their services.
Define the security response procedure and responsibilities of individuals during a cyber incident.
Manage the risk of capturing, storing, and using personal information about users and their data.

Key dates

The Policy Working Group kicked off in July 2023, followed by a series of meetings and interviews.

Policy Working Group Meeting 1 – 26 September 2023
Community interviews – November 2023 – May 2024
Policy Working Group Meeting 2 – 1 February 2024
Policy Working Group Meeting 3 – 12 June 2024

Key documents

Policy Working Group documents published by the AAF.