The bilateral negotiation of policies between SPs and IdPs/AAs does not lead to timely results, and the only viable option for differentiated policy and LoA will be through the definition of a very limited set of these, as will be done in TNA3.1. Classifying all participants in the identity and attribute ecosystem (identity providers, attribute providers, and translation services) and expressing these classifications technically will result in the necessary scalable policy negotiation mechanisms. This also enables the aggregation of attributes from multiple sources, and a way to extend beyond a one-on-one mapping between the 'provider' of information (be they identity or qualifying attributes), and the 'consumer' at the service end.
Due to the current state of policy development, defining effective operating models needs realistic policies to be worked on, and for those policies to have a firm grounding in the community to which they apply: the 'thought convergence' process needs to be much more mature in order for scalable mechanisms to be effective. Since AARC is not in itself in a position to adopt policies, but instead mediates policy, best practices and (pilot) technologies between a multitude of existing entities (Research Infrastructures, e-Infrastructures, IdPs, Federations, service providers and brokers), community engagement to gain such adoption is essential. Much of the work in scalable policy negotiation is therefore centered on outreach and participation in (existing or newly established) fora. To review the result, read our Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation:
- Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation (PDF)
- Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation (MS Word)
In addition, this task investigates the use of policy negotiation models, such as Snctfi, to ease trust between Infrastructures.