A framework for global trust and identity

Trusted identity management is crucial for global research collaboration.

To increase global collaboration, we’re building on an international framework. In response to the need for secure research collaboration, the EU Horizon 2020-funded AARC project developed a technical architecture and a policy development kit that are now widely used by national research infrastructures in Europe and the USA. The Authentication and Authorisation for Research Collaborations (AARC) Blueprint Architecture is a technology-neutral blueprint that standardises how access and authorisation infrastructure is implemented for research communities.

Who uses the AARC Framework?

The AARC Framework has been adopted internationally by many research institutes in the earth sciences, life sciences, astronomy, high energy physics, the arts and the humanities. Australian researchers regularly collaborate with these facilities, and a consistent approach to authentication and authorisation infrastructure will support that ongoing collaboration.

Institutes that have adopted the AARC Framework include:

Technical architecture blueprint

The technical architecture is a set of software building blocks that can be used to implement federated access management solutions for national and international research collaborations. It is a customisable and secure solution that can be tailored to a research institute's needs.

User identity

Includes the services that provide electronic identities for users participating in a Collaborative. Typically, the identity services in this layer sit outside the administrative boundary of the Collaborative.

Identity access management

Defines an administrative, policy and technical boundary between the Collaborative's internal services and resources and any external services and resources. This layer provides a single point for the discovery service, the group management system, and the management of user consent and acceptance of policies.

User attribute services

Groups the components that manage and provide information (attributes) about users, such as group memberships and community roles, in addition to the attributes that may be provided directly by the identity providers (IdPs).

End services

Contains the services and infrastructures users actually want to use. Access to these services is protected and managed by the Framework.
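The four layers above are easiest to see as a data flow: an external IdP asserts an identity, the proxy at the administrative boundary aggregates community-managed attributes onto it and mints its own user identifier, and an end service authorises against the result. The following is an added, constructed example written for this page; it is not code from the AARC project or from any of its reference implementations. The namespace urn:geant:example.org, the authority proxy.example.org, the IdP names and the user data are all invented. The entitlement layout it renders follows the AARC-G002 guideline (namespace:group:GROUP[:SUBGROUP][:role=ROLE]#AUTHORITY), and the assurance value it gates on is the REFEDS Assurance Framework identifier IAP/medium; treating that value as the Collaborative's baseline is an assumed policy choice, not something the page states.

```python
"""Toy model of the four AARC Blueprint Architecture layers.
Constructed example: names, namespaces and user data are illustrative."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import hashlib

# AARC-G002 entitlement layout: <ns>:group:<group>[:<sub>...][:role=<r>]#<authority>
COMMUNITY_NS = "urn:geant:example.org"          # assumed delegated namespace
GROUP_AUTHORITY = "proxy.example.org"           # assumed group authority (the proxy)
# REFEDS Assurance Framework value assumed here as the Collaborative's baseline
BASELINE_ASSURANCE = "https://refeds.org/assurance/IAP/medium"


@dataclass
class IdPAssertion:
    """User identity layer: what an external home-organisation IdP asserts."""
    issuer: str
    subject: str                       # IdP-scoped identifier, e.g. an eppn
    affiliation: str
    assurance: List[str] = field(default_factory=list)


# User attribute services layer: community-managed groups and roles keyed by
# (issuer, subject). Constructed sample data.
COMMUNITY_ATTRIBUTES = {
    ("https://idp.uni-a.example", "alice@uni-a.example"): [
        ("astro", None), ("astro:telescope-ops", "admin")],
    ("https://idp.uni-b.example", "bob@uni-b.example"): [("astro", None)],
}


def entitlement(group: str, role: Optional[str]) -> str:
    """Render one community group (and optional role) as an AARC-G002 entitlement."""
    value = f"{COMMUNITY_NS}:group:{group}"
    if role:
        value += f":role={role}"
    return value + "#" + GROUP_AUTHORITY


def proxy_sub(issuer: str, subject: str) -> str:
    """Stable identifier minted by the proxy so end services never see the
    home-organisation identifier (constructed: truncated sha256 of issuer|subject)."""
    digest = hashlib.sha256(f"{issuer}|{subject}".encode()).hexdigest()[:16]
    return f"{digest}@{GROUP_AUTHORITY}"


def aggregate(assertion: IdPAssertion) -> dict:
    """Identity access management layer: merge the IdP assertion with community
    attributes into the single token that end services consume."""
    groups: List[Tuple[str, Optional[str]]] = COMMUNITY_ATTRIBUTES.get(
        (assertion.issuer, assertion.subject), [])
    return {
        "sub": proxy_sub(assertion.issuer, assertion.subject),
        "home_affiliation": assertion.affiliation,
        "assurance": list(assertion.assurance),
        "eduPersonEntitlement": [entitlement(g, r) for g, r in groups],
    }


def authorise(token: dict, required_entitlement: str,
              require_baseline: bool = True) -> bool:
    """End services layer: admit only if the token carries the required community
    entitlement and, when the service demands it, the baseline assurance level."""
    if require_baseline and BASELINE_ASSURANCE not in token["assurance"]:
        return False
    return required_entitlement in token["eduPersonEntitlement"]


if __name__ == "__main__":
    alice = IdPAssertion("https://idp.uni-a.example", "alice@uni-a.example",
                         "staff", [BASELINE_ASSURANCE])
    token = aggregate(alice)
    print(token["sub"], token["eduPersonEntitlement"])
    print(authorise(token, entitlement("astro:telescope-ops", "admin")))
```

Two points the layering makes concrete: the end service keys on the proxy-issued identifier and on community entitlements, never on the IdP's own attributes, so a user's home identifier can be withheld from services; and the assurance check sits at the service, so a user the IdP asserts at low assurance can be admitted to a low-risk service while being refused by one that demands the baseline.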

Policy development kit

Accessing, using and operating services for research is inherently distributed, so trust between users, resource providers and infrastructures is a key concern. A set of policy documents has been created to develop a shared understanding of this trust. These policies describe the operational measures the infrastructure takes to provide its services properly, and principally cover security measures, user management and data protection.

Top level infrastructure policy

Defines the purpose of the collaborative research environment and the roles and responsibilities of all participants, binds all the other policies together, and fixes the terminology and definitions the other policies use.

Operational security

A set of policies that define security incident response procedures and the responsibilities of individuals during an incident. These policies align with the internationally endorsed Sirtfi (Security Incident Response Trust Framework for Federated Identity) policy.

Membership management

Policies that specify the permitted behaviour of community members, such as an Acceptable Use Policy, which every user must acknowledge and accept, and the Acceptable Authentication Assurance policy, which defines the level of confidence the infrastructure can have that a user is who they say they are.

Data protection and privacy

Policies that standardise how the risks of capturing, storing and using personal information about users, and their data, are managed.

Each service may already have its own policies on how privacy and data are managed, or be informed by those of its host institution. The framework policies are not designed to replace them; they are designed to become the baseline for all infrastructure in a collaborative research environment and to build a layer of common trust between users and the infrastructure community.