No policy or best practice in itself will achieve results: it is only through their adoption by the community at large that they gain value, and ensuring this level of acceptance needs engagement throughout the policy development process. In this task, we support (new and existing) communities in adopting interoperable federated policies through 'policy development kits', joint development of policy frameworks, we act as the nexus for Infrastructures and research communities that need to align best practices, and promote existing baseline and best practices through 'round-table' mechanisms and groups.
In many areas of policy there are existing groups that promote harmonisation (such as REFEDS, IGTF, FIM4R, the EGI Security Policy Group, WISE & SCI, etc.), with each of these rooted in its own community, and that at times interwork by means of joint membership. It is the explicit goal of this Task to support the role of these groups and, with the consent of the communities involved, to use them to ease friction along the AAI policy chain in the most cost-effective way. Although having to rely on the formation of global consensus, AARC2 can strongly encourage such consensus to emerge by proactive participation and by having its policy experts participate in these groups at all levels.
Snctfi and the (community) Policy Development Kit
The first elements of the Policy Development Kit were two Community Engagement security policies, a joint work with EGI Security Policy Group. Based on two F2F meetings (Karlsruhe and Amsterdam) and work on draft documents (to meet the requirements of Snctfi version 1) resulted in:
- Community Operations Security Policy - https://docs.google.com/document/d/1TFE4T4hyFFrVKHyTjh4K8cJlrrvJGfpVvIvL4GCzYFM/edit?usp=sharing
- Community Membership Management Policy - https://docs.google.com/document/d/1vPcAja1EyTp-kJPvJpwu3NSd8e1aVcytY3nSGthWNLU/edit?usp=sharing
and these are e.g. being implemented in some of the e-Infrastructures. The other elements of Snctfi will be elaborated as part of the Policy Development Kit, including alignment of Acceptable Use Policies (AUPs). The AUP alignment study reviewed a wide range of infrastructure and organisational terms and conditions documents, identifying both overlaps and gaps in the structure.
Community engagement
The Federated Identity Management for Research (FIM4R) group is a key mechanism for community engagement - and the venue for the AARC Community Engagement Forum ('CEF'). Work on the user requirements survey and a consultation with the communities (one in conjunction with RDA FIM-IG and through periodic consultation meetings in the first half of 2018) resulted in a first draft of the new whitepaper ("v2") of the influenties 2012 FIM4R paper. To be finalised at TNC18 and tried with some communities before FIM4R in Montreal:
Furthermore, Snctfi - now curated by the Interoperable Global Trust Federation IGTF - provides the structure for the Policy Development Kit (PDK) referenced above, and is increasingly used as the structure for the community guidelines:
- https://igtf.net/snctfi/
- Cross-Infrastructure FAQ and training on SCI version 2 - being prepared for the WISE workshop at NSF Cybersecurity summit (Arlington, VA) on 15th August.
WISE @ NSF Summit 2017