AARC revolutionises authentication and authorisation in research


The EU project Authentication and Authorisation for Research and Collaboration (AARC) is now entering its third phase (AARC TREE). It is relevant for all research infrastructures that want to grant controlled access to users from all over the world via federated identity management. AARC has set itself the goal of harmonising authentication and authorisation in the research community and addressing the special requirements of research infrastructures that were previously not met by the research federations.

The work of AARC projects provides researchers with seamless access to the resources and services they need for their work, regardless of their geographical location or institutional affiliation. The exchange of knowledge and resources facilitated in this way contributes significantly to increasing research efficiency and thus to accelerating innovation.

Important progress has already been made within the framework of AARC. Amongst other things, guidelines and recommendations for the integration of systems for the management of virtual organisations have been developed and interoperability between different authentication and authorisation services has been promoted.

Milestones to date:

2015-2017 AARC: Understanding the needs of communities

As part of the first EU-funded AARC project (2015-2017), the requirements of e-infrastructures for a federated authentication and authorisation infrastructure were collected, corresponding solutions developed and implemented in pilot projects. 20 partners took part in the project, including NREN, GÉANT, generic e-infrastructures such as EGI, PRACE and EUDAT as well as Europe-wide subject-specific virtual research infrastructures such as ELIXIR and DARIAH, the latter represented by DAASI International. In addition to the pilots, the most important results were the AARC Blueprint Architecture (BPA), a generic architecture for research infrastructures that supports all requirements and all necessary protocols using proxies, as well as a policy framework that takes the specifics of this architecture into account.

2017-2019 Involvement of the research communities: AARC Phase 2

The goal of the first AARC project was to define an integrated architecture as a reference for all AAIs. In the second AARC project (2017-2019), further steps were taken to implement the AARC BPA and common policies. This was done through a stronger and more active involvement of other specialised infrastructures, from geosciences and biosciences to astronomy, high-energy physics and the humanities. The AARC BPA was further developed to fulfil their requirements.

As of 1st March 2024 Start of AARC TREE

AARC TREE (AARC Technical Revision to Enhance Effectiveness) has the potential to significantly improve collaboration and resource sharing in the research community. The project builds on the proven groundwork of previous projects and aims to drive the next phase of research infrastructure integration, taking into account recent technical developments in the areas of OpenID Connect (OIDC) and authentication procedures.

One of the main objectives of AARC TREE is to capture and analyse new interoperability requirements in the area of authentication and authorisation to support the integration of use cases in different research areas. In addition, new technical and policy guidelines are defined and validated to meet changing requirements.

The project also aims to consolidate resources, avoid fragmentation and reduce unnecessary work. This will be achieved by bringing together research infrastructures, e-infrastructures and relevant stakeholders to develop strategies for integrating new technologies and improving interoperability that can be reused by research infrastructures.

By creating federated interoperable access to resources and integrating user-centred technologies, AARC TREE will help to improve efficiency and effectiveness of research infrastructure and to foster innovation in various fields.

What DAASI International does

DAASI International supports the project by further developing the AARC BPA as part of the technical work package (WP1). This will provide the research infrastructures with up-to-date guidelines for implementing the architecture of their authentication and authorisation infrastructures. These include new technologies, standards and best practices and are based on the findings from previous implementations. The revision of the AARC BPA will take into account the results of the other tasks in this work package, which are aimed at specific topics such as OpenID Connect federations, advanced federated authorisation mechanisms and decentralised identity management.

In these individual topics, DAASI International will contribute in particular to authorisation attributes and decentralised identity management. Within the framework of these authorisation attributes, common procedures and guidelines for access control will be developed, from which various subject communities and their research infrastructures will benefit significantly. The target groups of these guidelines include research communities, operators of AAI services and resource providers. A harmonised approach to access control will promote the integration of services as well as resource providers in infrastructures and provide a common understanding of authorisation models that apply to all scientific disciplines or communities.

Another contribution of DAASI International is the collaboration on guidelines for the use of decentralised identities and digital identity wallets. This covers topics that are becoming increasingly important, such as distributed identities, verifiable credentials and their presentation and decentralised storage. This is necessary, amongst other things, to support the EU initiative “European Digital Identity Wallet” (EDIW) in research infrastructures, which aims to offer individuals a secure and privacy-protecting way to store and use their digital identity credentials.

The AARC TREE kick-off meeting took place in Utrecht in March 2024. At this meeting, the scope of the project was defined and the future collaboration of the individual work packages was discussed. Peter Gietz, CEO of DAASI International, was delighted with the trip: “It was a pleasure to get together again with all the relevant experts in Europe. A lot has happened technologically since 2019 and it was high time to continue the important AARC work accordingly.” DAASI International will be working in AARC TREE with three members of its development team.

Further information on AARC can be found on the official project website: https://aarc-project.eu

WordPress Cookie Plugin by Real Cookie Banner