A new EU grant will boost the expansion of the AARC framework for Trust and Identity
A decade of work on establishing interoperable Authentication and Authorization Infrastructures (AAI) will receive a significant boost in the next two years. The AARC (Authentication and Authorization for Research and Collaboration) project has been awarded a new two-year grant from the EU program Horizon Europe.
“We already have the AARC Blueprint Architecture which is a framework adopted by the national and international research infrastructures. The Blueprint Architecture showcases the current best practices for designing and implementing federated access management solutions for eScience. The new EU grant will allow us to expand the Blueprint Architecture to support more use-cases and assess the efficiency of the architecture. This in turn will support more research collaborations,” says Licia Florio, Senior Strategy and Policy Officer at NORDUnet and coordinator of the AARC TREE (Technical Revision to Enhance Effectiveness) project.
Beginning early 2024, the AARC TREE (AARC Technical Revision to Enhance Effectiveness) project will bring together 18 partners, representing European research infrastructures, European e-infrastructure (GÉANT, EGI, EUDAT), EuroHPC Hosting Sites, and some National Research and Education Networks (NRENs).
No need to reinvent the wheel
Researchers across all scientific disciplines depend increasingly not only on national but also on international research infrastructures for their daily work. These infrastructures provide the digital environment within which researchers can find, access, and share data and resources in ways that had never been possible before. Seamless authentication and authorization for resources, as if they were available right there next to the researcher, is key for enabling eScience at scale.
Smooth access to resources and data does not mean access is granted indiscriminately. The AARC Blueprint Architecture enables resources to establish their authorization policies. For instance, some resource providers may require additional evidence that the identities used to access resources have undergone specific validations; some others may not require that. Some resource providers accept a wider range of Identity Providers, some others do not etc.
The key element in AARC is to work with research communities, infrastructures and the resource providers to identify the best solutions to enable federated access across borders and institutions.
“AARC does not mandate resource providers and institutions to use the same technologies or software but defines a common way to exchange information about users’ identities and the related identity vetting among resource providers and identity providers. We want to enable solution architects to deploy federated access without having to reinvent the wheel every time. We do that by offering a blueprint architecture together with a set of technical and policy guidelines,” explains Licia Florio.
A chance to rejuvenate
The AARC project began 2015 with an initial two-year funding. A second two-year funding was made available, and the project ended in 2019. The first two AARC projects resulted in the AARC Blueprint Architecture. The architecture is a set of software building blocks that can be used to implement federated access management solutions for international research collaborations. Thereby, software architects and technical decision makers can utilize tried and tested components to build solutions for their requirements.
Although the second AARC project formally ended in 2019, work on AARC results continued over the years.
“Already during the previous AARC project we were concerned about sustainability of the results. We wanted to make sure that the AARC results would be maintained, and that work would continue in the community,” says Licia Florio.
To ensure continuity and governance of the AARC results, the AARC Engagement Group for Infrastructures (AEGIS) was established in 2019. AEGIS brings together representatives from research and e-infrastructures across Africa, Asia, Australia, Europe and the Americas, with the goal of establishing a global interoperable AAI..
“Since the end the second AARC project, in many cases on volunteer basis continued to further evolve the AARC blueprint and its guidelines. The AARC Blueprint Architecture has been recognized over the years as a foundational element for the implementation of interoperable research and education infrastructures across the globe” says Licia Florio. .
“The new funding for the AARC TREE project will allow us to further expand the reach of the AARC brand, as well as AEGIS; more resources will be available for additional work, improve the support mechanisms and to broaden the community ” says Christos Kanellopoulos, Trust and Identity Area Coordinator at GEANT and AEGIS chair
Spreading beyond Europe
The three AARC projects are all based on EU funding, and only European organizations are eligible for them.
“Still, we hope to broaden the community given that AARC results have already been adopted outside Europe. For instance, we have been collaborating for years with research infrastructures in the USA and Australia, which are also participating in AEGIS,” says Licia Florio, concluding:
“We are obviously pleased to witness how relevant AARC results are and how international players are willing to contribute and provide feedback to the best practices identified in the project. Science does not know boundaries.”
AARC TREE has a duration of two years and will begin March 1, 2024.