Information about the groups a user is a member of is commonly used by relying parties in order to authorise user access to protected resources. This document provides guidelines for expressing group membership and role information across AARC BPA-compliant AAI…
This specification defines how SP-IdP Proxies can provide hints about services towards Discovery Services to improve the user experience of the authentication process Document URL: information: N/AStatus: Final (11 Apr 2022)DOI: 10.5281: noneSupersedes: none
These guidelines describe the minimum requirements and recommendations for the secure operation of attribute authorities and similar services that make statements about an entity based on well-defined attributes. Adherence to these guidelines may help to establish trust between communities, operators…
This document defines a generic browser-based protocol for conveying – to services – hints about the Discovery Service that should be used for letting the user choose an Identity Provider. Document URL: information: N/AStatus: Final (11 Oct 2021)DOI: 10.5281: noneSupersedes: none
This document defines a generic browser-based protocol for conveying – to services – hints about the IdPs or SP-IdP-proxies that should be used for authenticating the principal. This protocol, colloquially referred to as Identity Provider (IdP) hinting, can greatly simplify…
Conveying affiliation information from origin providers across infrastructures proxies as defined in G025 is only possible if the origin identity provider releases such information. In case no eduPersonScopedAffiliation is provided, it may be partially reconstructed according to these guidelines. If…
This document defines a generic browser-based protocol for conveying – to services – hints about the IdPs or IdP-SP-proxies that should be used for authenticating the principal. This protocol, colloquially referred to as Identity Provider (IdP) hinting, can greatly simplify…
The AARC Blueprint Architecture (BPA) provides a set of building blocks for software architects and technical decision makers who are designing and implementing access management solutions for international research collaborations. This document describes the evolution of the AARC Blueprint Architecture,…
The purpose of this document is to provide information to infrastructures for efficiently implementing access restrictions that are required by the individual communities and e-Infrastructures. The suggestions are given within the setting of the AARC BPA. In this scenario, user…
This document standardises the way group membership information is expressed. It defines a URN-based identification scheme that supports: indicating the entity that is authoritative for each piece of group membership information; expressing VO membership and role information; representing group hierarchies.…
© members of the AARC Community.
The work leading to these results has received funding from the European Union (GAP 101131237) and other sources. The contents of this publication is the sole responsibility of AARC and does not necessarily reflect the opinion of the European Union.
