Not sure how to begin with the AARC Blueprint Architecture? There are plenty of guidelines available but it can be a minefield at first.
You probably want to start by designing the high-level approach of your infrastructure – the AARC Blueprint Architecture (AARC-G045) is here for you. There are several general topics you should consider, such as Data Protection (AARC-G042) and Federated Security Incident Response (AARC-I051). Below you can find common questions matched to the relevant Blueprint Architecture component, along with links to guidelines that can help.
- How should I integrate Social Media Identity Providers? AARC-G008
- How should users link accounts, and how does that affect Assurance? AARC-G009
- How should services indicate that they would like users to authenticate with multifactor authentication, and how should my proxy forward that information? AARC-G029
Assurance:
- How should assurance information of external identities be calculated? AARC-G031
- What can I say about assurance of identities from social media accounts? AARC-G041
- How is assurance impacted by account linking? AARC-G009
- How should assurance information be shared with other infrastructures? AARC-G021
- Which Assurance Profiles should I use? There are so many! AARC-I050
- My service needs to act on behalf of the user – how should I handle credential delegation and impersonation? AARC-G005
- My services are not web based, how can I use identities from the proxy? AARC-G007
- How should Services hint which IdP they would like users to use? AARC-G049
- Which Security practices should I follow? AARC-G014
What next? Are you looking for a kick-start with your policies? Take a look at the Policy Development Toolkit, which provides a set of templates.
Certain guidelines are being adopted by the AEGIS community to support interoperability between infrastructures – consider prioritising these best practices.