Introduction
The AARC Blueprint Architecture (BPA) describes a ‘Community AAI’ solution, a set of software building blocks that can be used to implement federated access management solutions for (inter)national research collaborations.
The benefit of the BPA is that its proxy-based architecture provides both a technical integration point for authentication and authorisation and a centralised point for implementing the research communities' policies. The BPA also identifies a ‘membership management service’ which implements community-specific onboarding to help establish the researcher's status and may be used to issue community-specific attributes to establish roles and rights. Implementations of the BPA, like eduTEAMS and SRAM, have greatly improved the capability to use FIM for research communities.
Self-Sovereign Identity (SSI) provides a new paradigm in trust and identity for how users can engage with, and have control over, their own personal data. It may also provide new models for institutions and services to engage with users in the context of issuing and receiving (researcher) identity and in dealing with guest or external identities. This will have an impact on how research communities and their services can handle authentication and authorization.
SSI awareness in Europe recently spiked as the revised EU eIDAS legislation puts SSI-based technology at the forefront of the minds of decision-makers and technologists alike. With large-scale pilots with wallet technology being planned and through the technology-driven European Blockchain Services Infrastructure (EBSI) activity, the EU aims to roll out a digital wallet for every European by 2024.
For the European academic trust and identity community, these developments present both challenges and opportunities. The challenge: how does this SSI ecosystem relate to Federated Identity and the established practices developed? The opportunities: does this perhaps help us save cost when we enrol researchers or external identities in our collaborations, can we perhaps build trust in a new way, can we now finally get rid of proxies?
An AARC BPA SSI expert working group (Group) will be formed to explore, investigate and discuss these questions.
The discussion, (open) questions and possible answers of the working group will be captured and disseminated in the T&I community.
Work principles
- The Group will hold periodic meetings about every 3-4 weeks, each lasting about 2.5 hours, starting from week 36, 2022 until the end of 2022.
- The Group will establish topics and contents to be discussed.
- The process is intended to be flexible and exploratory.
- It is expected that not only technical topics will be discussed, but also privacy, assurance and trust.
- The Incubator members serve and facilitate the process, including note-taking and writing out the proceedings.
- Proceedings will be made available to the Group for feedback and review before being finalized.
Expected outcome
- Finalized proceedings of each meeting will be bundled into a paper, which will have the expert group members as co-authors
- There may be more questions than answers in it
- It is ok to end up with a product that exposes concerns without clear answers and has some rough edges requiring (future) investigation
Meeting format
- The Group will have online meetings in September and October 2022. Week 48 is a wrap-up/spill-over meeting.
- Meetings take 2.5 hours with 15 min lead times and 15 min breaks between 1-hour discussion slots
- Using a Doodle poll, Group members will be invited to select one of the following slots (Incubator team member availability restricts the use of other slots):
  - Wed morning, 10.00 - 12.30
  - Mon afternoon, 13.30 - 16.00
  - Fri morning, 10.00 - 12.30
Meeting Agenda and Proceedings
- AARC BPA SSI Group (Week of Sept 5)
- AARC BPA SSI Group (Week of Sept 26)
- AARC BPA SSI Group (Week of Oct 17)
- AARC BPA SSI Group (Week of Nov 7)
- AARC BPA SSI Group (Week of Nov 28)
Background information
- Verifiable Credentials Data Model (W3C)
- Self-Sovereign Identities (SWITCH)
- DI revisited doc
- AARC blueprint Architecture