To provide trust across the layered architecture of the AARC Blueprint (BPA), end-to-end trust across the components for collaboration management, user privacy, identity assurance, and operational security must be provided. This document sets out the overview of trust relationships in the AARC BPA, building on the body of guidelines under development in the AARC community and related coordination bodies for research and education identity federation: REFEDS, IGTF, and WISE. Reviewing the state of the policy landscape and the effectiveness of the first Policy Development Kit (PDK), we propose a new structure for policy organisation based on identified target audiences: external identity sources, the identity, collaboration management, and infrastructure integration components, and site-local integrations and services. Research community governance is discussed as far as it affects authentication and authorisation. Based on deployment experience with the PDK this framework distinguishes more clearly between policies and the processes and procedures that implement such policies. While this Trust Framework provides the structure for the revised Policy Development Kit, it intentionally does not provide the policies and procedures themselves, but identifies the smallest set of distinct guidelines (policies, good practices, procedures) necessary to cover the trust, security, and operational interactions.

Document URL: https://wiki.geant.org/download/attachments/1032355969/AARC-I082%20Trust%20framework%20for%20proxies%20and%20Snctfi%20research%20services.pdf
Development information: https://wiki.geant.org/display/AARC/AARC-I082+Trust+framework+for+proxies+and+Snctfi+research+services
Status: Final
DOI: https://doi.org/10.5281/zenodo.15506826
Errata: none
Supersedes: