Not sure how to begin with the AARC Blueprint Architecture? There are plenty of guidelines available, but navigating them can be a minefield at first.

You probably want to start by designing the high-level approach of your infrastructure – the AARC Blueprint Architecture (AARC-G045) is here for you. There are several general topics you should consider, such as Data Protection (AARC-G042) and Federated Security Incident Response (AARC-I051). Below you can find common questions matched to the relevant Blueprint Architecture component, along with links to guidelines that can help.

User Identity:
  • How should I integrate Social Media Identity Providers? AARC-G008
  • How should users link accounts, and how does that affect Assurance? AARC-G009
  • How should services indicate that they would like users to authenticate with multifactor authentication, and how should my proxy forward that information? AARC-G029

Assurance:
  • How should assurance information of external identities be calculated? AARC-G031
  • What can I say about assurance of identities from social media accounts? AARC-G041
  • How is assurance impacted by account linking? AARC-G009
  • How should assurance information be shared with other infrastructures? AARC-G021
  • Which Assurance Profiles should I use? There are so many! AARC-I050

Access Protocol Translation:
  • Which best practices should I follow for my Token Translation Services? AARC-G004
  • How should I translate from Identity Federation information to X.509 certificates? AARC-G010

Proxies:
  • How can I ensure that my proxy is able to accurately claim that it supports best practices in Identity Federation? AARC-G015
  • How should I express assurance information for users when interacting with another proxy? AARC-G021

Community Attribute Services:
  • How should attributes from multiple sources be aggregated? AARC-G003
  • How should I express the home institute of a user? AARC-G025
  • What are the best practices for running my Attribute Authorities securely? AARC-G048
  • Which Acceptable Use Policy should I use to facilitate interoperability? AARC-I044

Authorisation:
  • How should I manage authorisation information from multiple sources? AARC-G006
  • How should group and role information be expressed to facilitate interoperability? AARC-G002
  • How should resource capabilities be expressed? AARC-G027

End Services:
  • My service needs to act on behalf of the user – how should I handle credential delegation and impersonation? AARC-G005
  • My services are not web-based; how can I use identities from the proxy? AARC-G007
  • How should services hint which IdP they would like users to use? AARC-G049
  • Which security practices should I follow? AARC-G014

What next? Are you looking for a kick-start with your policies? Take a look at the Policy Development Toolkit, which provides a set of templates.

Certain guidelines are being adopted by the AEGIS community to support interoperability between infrastructures – consider prioritising these best practices.