IRIS is the co-ordinating body of a UK science eInfrastructure and is a collaboration between UKRI-STFC, its resource providers and representatives from the science activities themselves. We document the progress of an ongoing project to build a security policy trust framework suitable for use across the IRIS community.
The EU H2020-funded AARC projects addressed the challenges involved in integrating identity services across different infrastructures, thereby allowing research communities to securely share data and resources. The result of this work hinged on the AARC Blueprint Architecture, which allows federations of services and identity providers to connect via one or more proxies. In addition to AARC technical architecture documents and guidelines, a policy team created a set of template policies published as the AARC Policy Development Kit (PDK), which, following the completion of the AARC projects, will find a long-term home under the SCI working group of the WISE community. Derived from existing practice, the PDK aims to assist in efficiently bootstrapping Research Infrastructures in the operation of an authentication and authorisation infrastructure in line with the AARC Blueprint Architecture, making them accessible to researchers in an easy and secure fashion.
We document the experience gained by the IRIS community in adopting component policies of the PDK to form a policy foundation for resource sharing, access and trust. The lack of such an established trust framework hindered the early growth of IRIS activities. The promise of a ‘ready-made’ framework of templates, available for use and based on current best practice recommendations for federated environments, made the PDK an obvious place to start. Starting with an examination of stakeholder requirements and a discussion of how to map these to the PDK templates, we describe the current status of the process to create a subset of policies to form a trust framework for a national infrastructure collaboration.