Guidelines type Endorsed by AEGIS

AARC-G081

This document provides a short overview of selected types of tokens used to identify and authorise users. We analyse the different properties of tokens and categorise available authorisation patterns to give recommendations about the lifetimes of tokens associated with specific…

AARC-G052

This specification extends the OAuth 2.0 Token Introspection method defined in RFC 7662. It defines a method for an OAuth 2.0 Authorization Server (AS) that receives an introspection request for a token it did not issue, to query a different,…

AARC-G069

Information about the groups a user is a member of is commonly used by relying parties in order to authorise user access to protected resources. This document provides guidelines for expressing group membership and role information across AARC BPA-compliant AAI…

AARC-G063

This specification defines how SP-IdP Proxies can provide hints about services towards Discovery Services to improve the user experience of the authentication process.
Document URL:
information: N/A
Status: Final (11 Apr 2022)
DOI: 10.5281: none
Supersedes: none

AARC-G071

These guidelines describe the minimum requirements and recommendations for the secure operation of attribute authorities and similar services that make statements about an entity based on well-defined attributes. Adherence to these guidelines may help to establish trust between communities, operators…

AARC-G062

This document defines a generic browser-based protocol for conveying – to services – hints about the Discovery Service that should be used for letting the user choose an Identity Provider.
Document URL:
information: N/A
Status: Final (11 Oct 2021)
DOI: 10.5281: none
Supersedes: none

AARC-G061

This document defines a generic browser-based protocol for conveying – to services – hints about the IdPs or SP-IdP-proxies that should be used for authenticating the principal. This protocol, colloquially referred to as Identity Provider (IdP) hinting, can greatly simplify…

AARC-G057

Conveying affiliation information from origin providers across infrastructure proxies as defined in G025 is only possible if the origin identity provider releases such information. In case no eduPersonScopedAffiliation is provided, it may be partially reconstructed according to these guidelines. If…

AARC-G049

This document defines a generic browser-based protocol for conveying – to services – hints about the IdPs or IdP-SP-proxies that should be used for authenticating the principal. This protocol, colloquially referred to as Identity Provider (IdP) hinting, can greatly simplify…

AARC-G045

The AARC Blueprint Architecture (BPA) provides a set of building blocks for software architects and technical decision makers who are designing and implementing access management solutions for international research collaborations. This document describes the evolution of the AARC Blueprint Architecture,…
