You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Who is this for? 

Small to mid-sized research communities wanting to integrate with shared infrastructure. The research community may operate their own AARC BPA Proxy or, more likely, use a hosted solution.  

Example use cases

Use case: Experiment A has 50 users spread across 8 universities. They use a hosted community proxy (e.g. INDIGO IAM) to manage their membership and the services to which they can connect. They wish to integrate EOSC infrastructure, in addition to services that connect directly to their community proxy (such as collaborative document editors, video conferencing).

Deliverable plan

  1. Create a first version on this Wiki
  2. Publish to the AARC Website

Draft

I manage a research community of members that will access shared infrastructure services. What simple steps can I take to make my community a trustworthy participant in this environment and simplify interoperability?


What must I do?ExplanationExample
Define a unique nameThis name will be critical for uniquely identifying your community and its participants. Ensure there are no possible collisions.Strongly suggest using a DNS name
Ensure members and their authorisations are valid and enforcedPut a process in place to check whether members are valid, for how long, and what they should be entitled to do. If automatic provisioning is not possible, establish periodic review procedures.????? PDK seems too long. Probably need a new one here.
Require members to accept an Acceptable Use Policy that defines the community goals and does not conflict with Infrastructure AUPsA significant effort has been spent in the research and education identity community to harmonise Acceptable Use Policies, minimising the need to interrupt end users with notifications and enabling easier interoperability.Add your community's goals to the WISE AUP
Inform members about how their personal information is processedYou will likely be subject to local laws. You should also consider international best practices, such as the REFEDS Code of Conduct.The AARC recommendation from the Policy Development Kit
Be able and willing to collaborate in security incident response

Ensure that you follow best practices for security incident response such as traceability, revocation, the ability to contact users and proactive notification of incidents to partner organisations.Support the Sirtfi Framework. Define a procedure to be followed when needed.
  • No labels