Documents archive 2015-2017

This page lists all the deliverables and milestones prepared during the first AARC project, which ran from 2015-2017 and was funded by the European Union’s Horizon 2020 research and innovation programme under Grant Agreement 653965.

Deliverables

Deliverable Name | In a nutshell | Project
DNA1.2 Annual Report (Y2) | AARC2 Year2 Report
This document reports on the progress of the AARC2 project during its last year (2018-2019)
DNA1.3 Summary of AARC2 Main Achievements and Sustainability and Exploitation Plans | Exploitation and Dissemination Report
The document describes the AARC2 project overall dissemination and exploitation strategy and for each key exploitable project result lists the actions that are being proposed to ensure adoption of AARC2 results beyond the project lifetime.
DNA1.1 Annual Report | AARC2 Year1 Report
This document reports on the progress of the AARC2 project during its first year (2017-2018)
DNA2.2 First Advanced Training Material Content | OIDC Training Material to build an OIDC Relying Party
(GitHub repository)
DNA2.3 Summary Report on Training, Communication and Outreach Activities | Training and Dissemination Report
This document reports on the training, outreach and promotional activities carried out in the AARC2 project, with a particular emphasis on the work done in the second year of the project.
DNA3.1/D3.4 Report on the coordination of accounting data sharing among Infrastructures | Guidance to research and e-Infrastructures concerning Data Protection Impact Assessment (DPIA) in the FIM context.
This report presents the results of the study on the evaluation of risks related to (personal) data (based on the European General Data Protection Regulation, GDPR) in the context of research and e-Infrastructures and their service providers that leverage federated identity management (FIM). Specifically, it considers personal data collected as a result of using an infrastructure (not any risks relating to the research data itself, which is a community responsibility) and provides guidance to the Infrastructures concerning Data Protection Impact Assessment (DPIA) in the FIM context. The authors present recommendations to Research Communities for determining the necessity of formal DPIA and guidelines for its execution.
DNA3.3/D3.2 Accounting and Traceability in Multi-Domain Service Provider Environments | Report on how research communities can apply SCI Framework for traceability
This report details the service-centric policies that apply to the Blueprint Architecture (BPA) model proposed by AARC, how communities and generic e-Infrastructures can apply the SCI policy framework to their collective service operations, and how this supports the exchange of accounting and traceability information. The report is complemented by the AARC policy guidelines and informational documents, specifically G042, G040, G021, the WISE SCI framework, and the AARC Policy Development Kit.
DNA3.2/D3.1 Report on Security Incident Response and Cybersecurity in Federated Authentication Scenarios | Report on simulations of security incidents
This report provides an overview of the current state of security incident response and cybersecurity in Federated Authentication Scenarios, focusing particularly on efforts that have taken place in the past two years related to input from the AARC2 project.
DNA3.4/D3.3 Recommendations for e-Researcher-Centric Policies and Assurance | Report on Assurance and AUP relevant to research and e-infrastructures
These Recommendations provide a set of frameworks and guidelines that support, involve, and affect researchers and research communities in order to more effectively use federated identity for accessing services in a blueprint-based proxy architecture.
DJRA1.4 Evolution of the Blueprint Architecture | Latest update of the AARC-BPA: the Community first approach
This document describes the evolution of the AARC Blueprint Architecture, starting with a summary of the changes since AARC-BPA-2017. It also describes the community-first approach which enables researchers to use their community identity for accessing services offered by different infrastructures.
DJRA1.1 Use-Cases for Interoperable Cross-Infrastructure AAI | Research communities use-cases to inform the evolution of the BPA
This document analyses research community use cases that require access to services and resources across infrastructures. The research community specific use cases have been mapped to a set of generic use cases of cross-infrastructure AAI flows. These flows will serve as input for further refining and complementing where needed the AAI interoperability aspects of the AARC Blueprint Architecture.
DJRA1.2 Authorisation Models for Service Providers | Report on the authorisation models that can be employed by Service Providers
This document describes common authorisation models that can be employed by Service Providers (SPs) in order to control access to resources in such an environment. These common models are based on a thorough analysis of use cases collected from the research communities participating in the pilot activities of AARC. The analysis includes describing the different authorisation functions, including management, evaluation and enforcement of policies and their mapping to elements of the AARC Blueprint Architecture. The types of attributes that are commonly used for evaluating authorisation policies are also elaborated on.
DJRA1.3 VO Platforms for Research Collaboration | Report on the use of VO and platforms to manage them
In order to scale the users’ use of research infrastructures, cyber- and e-infrastructures, it makes sense to introduce a “virtual organisation” (VO) that can unify users with a shared purpose or research activity. This document investigates this use of the VO and makes recommendations for the platform which maintains this VO information, both for the VO’s own use but particularly for the VO’s members’ use of the infrastructure.
DSA1.1 Results of Pilots with New Communities Part 1 | Overview of the pilots in AARC2
This document provides a general overview of the goals and approach of the Pilots Service Activity 1 in AARC2. A detailed description including an outline of the use case and the results achieved to date is given for each of the nine Research Community pilots undertaken by SA1 Task 1 in year 1 of the project. The document concludes with some lessons learned so far.
DSA1.5 How-to to Deploy Pilot Results | Summary of all AARC2 pilots
This document provides an overview of the use-cases for each pilot and what was done.
DSA1.4 Final Results of Pilots for Advanced Use-Cases and New Technologies AARC2
DNA1.2 Annual Report | Summary of AARC achievements.
A document to report on AARC results after the two-year project.
DNA1.3 Summary of main dissemination activities, main achievements of AARC for and Exploitation Report | Summary of AARC dissemination, outreach and exploitation work.
A document to report on the results of AARC communication, dissemination and exploitation activities, their impact and how they mapped the AARC strategy.
DNA2.1 Report on the identified target groups for training and their requirements | This document reports on the work done by NA2 Task 1 “Learning Needs Analysis” in liaising with user groups and communities including libraries with the objective of understanding their identity management requirements and needs. | AARC1
DNA2.2 Training material on main technical and policy concepts of federated access
Federations 101 (Training materials) | AARC1
DNA2.3 Training material targeted to Resource and Service Providers

Introduction to federated management (Training course) | AARC1
DNA2.4 Training material targeted at identity providers | Training material targeted at identity providers | AARC1
DNA3.1 Differentiated LoA recommendations for policy and practices of identity and attribute providers

Level of Assurance (LoA) recommendations and framework
LoA expresses confidence in the binding between a user and the identity information connected to it and is usually done by the identity provider. The actual implementation of this process is rather difficult, however (e.g. there needs to be a balance between the requirements of services and the technical feasibility and effort necessary for the identity provider). This document identifies these requirements and focuses on the REFEDS Assurance Framework to express the LoA information. The framework also includes a baseline assurance profile.
DNA3.2 Generic security incident response procedure for federations

Framework for a coordinated response to security incidents
Different research services are connected through federations where a single compromised account poses a risk to all services. Currently there is no standardized process to handle such incidents. This document provides an analysis of this problem and gives recommendations on how to build a framework to handle such incidents. These recommendations are based on the Security Incident Response Trust Framework for Federated Identity (Sirtfi).
DNA3.3 Recommendation for service operational models for enabling cross-domain sustainable services
Recommendations to build sustainable services
Often software and services are created and operated in the context of project funding. When these projects end, it becomes difficult to ensure support to run services. This deliverable provides a template to assess the sustainability of services and gives recommendations to service providers and federations operators to standardize policies.
DNA3.4 Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

Recommendations to implement a scalable and cost-effective policy framework
Creating the common federation ‘ecosystem’ for research collaboration requires that everyone is effectively connected to it, including not only those organisations whose primary purpose is collaborative research, but also institutions (both identity providers and those providing services). This document starts with a study of entity categories and the status of take-up by the eduGAIN. The document presents “Snctfi”, the new policy and trust framework that has been developed for applying policies and best practices to an e-Infrastructure or research Infrastructure using IdPs in the R&E federations via an SP-IdP proxy.
DNA3.5 Recommendations and template policies for the processing of personal data by participants in the pan-European AAI | Policies for personal data
Research- and e-infrastructures involve different organisations and are often transnational in character. When sharing personal data, different national and EU regulations might apply. This document gives recommendations and provides template policies for sharing and processing personal data within infrastructures. The recommendations focus on two frameworks: standard data protection clauses (model contracts) and binding corporate rules.
DJRA1.1 Analysis of user-community requirements

Analysis of user-community requirements
To improve the AAI landscape it is important to understand the requirements of user communities and service providers. This document provides an analysis of these requirements in three steps. First, the requirements gathered in previous activities are used to formulate an initial set. During the second step, the list is improved with the results of a survey. The third step then produces a final set of requirements and structures them in the form of a table.
DJRA1.2 Blueprint architectures

AARC Blueprint Architectures
This document provides a set of building blocks for software architects and technical decision makers, who are designing and implementing access management solutions for international research collaborations.
DSA1.1 Pilots to support guest users solutions | AARC Pilots
Pilots in this task deal with enabling guest users to access federated services, especially within the library community. This mainly applies to so-called walk-in users, who do not have a federated identity and should still be able to use services offered by a library. This deliverable gives an overview of three pilots in this area.
DSA1.3 Pilot to improve access to R&E relevant resources

AARC Pilots
This document provides an overview of the pilots realised within the Pilots service activity, in particular concerning ways to improve access to R&E relevant resources and (commercial) services. A total of fourteen proofs of concept were carried out to test AAI mechanisms to access non-web resources, bridging e-infrastructures and access to (commercial) cloud services.

Milestones
Milestone Name | Project
MNA1.1 Plan to engage with targeted communities and activities | AARC2
MNA3.3 Define and test a model for organizations (IdP) to share information related to account compromises | AARC2
MNA3.4 Identify community accepted frameworks to present to the competence centre | AARC2
MNA3.5 Inventory of high-assurance identity requirements from the AARC2 use cases | AARC2
MNA3.7 Initial Data protection impact assessment on blueprint architecture | AARC2
MSA1.1 Detailed plan of pilots and resources based on the use-cases listed in SA1-Task 1 | AARC2
MSA1.3 Initial plan for piloting advanced use cases and new technologies given input from JRA1 and NA3 | AARC2
MNA1.1 Project website and tools (you are looking at it!) | AARC1
MNA1.2 Kick Off Meeting | AARC1
MNA2.1 Guideline document for AARC training materials | AARC1
MNA2.2 First SP Training delivered | AARC1
MNA2.3 First IdP Training delivered | AARC1
MNA3.1 Recommendations on minimal assurance level relevant for low-risk research use cases | AARC1
MNA3.2 Community requirements on accounting data | AARC1
MJRA1.1 Existing AAI and available technologies for federated access. | AARC1
MJRA1.2 Design for deploying solutions for Guest Identities | AARC1
MJRA1.3 Design for the integration of an Attribute Management tool | AARC1
MJRA1.4 First Draft of the blueprint architecture | AARC1
MSA1.1 Specify the work to be undertaken in collaboration with JRA1 and NA3 | AARC1
MSA1.2 Report on the user testing and future recommendations | AARC1
