The new AARC Blueprint Architecture

Elis Bertazzon on a new AARC functionality for research collaborations

EGI was one of the major contributors of the AARC project, the EU-funded initiative that answered the increasing need among research collaborations and e-infrastructures for authentication and authorisation mechanisms and for federated access to their online services. After 4 years, the project has come to an end but its main outputs are already having a positive impact on the research community, and some AARC-based solutions have been adopted by EGI, EUDAT, GEANT and the EOSC.

The Blueprint Architecture: a “community-first” approach

AARC Blueprint Architecture (BPA) is a reference architecture that provides “building blocks” for an AAI that supports federated access. Research and e-infrastructures adopting the BPA can take advantage of the identity federations and eduGAIN and enable federated access to resources in a way that was not possible before.

The new version of the BPA focuses on allowing the AAIs of different research and e-infrastructures to inter-operate. This functionality is needed by research communities requiring access to resources that are offered by other infrastructure providers. The new BPA promotes a “community-first” approach, introducing the Community AAI. This element streamlines how researchers can access services/resources via their Community AAI using their institutional credentials from the National Identity Federations in eduGAIN, but also from other sources as needed/allowed by the community, such as social media or other community-managed identity providers.

The new version of the AARC BPA focuses on the cross-AAI interoperability aspects and provides a broader view for addressing an increasing number of use cases from research  communities requiring access to federated resources offered by different infrastructure providers.

The BPA is proving to be a success and it has been adopted by EGI, EUDAT and GEANT, and provides a cornerstone AAI in the European Open Science Cloud. Also, several research infrastructures are adopting BPA-based solutions, including DARIAH, the pan-European infrastructure for arts and humanities scholars working with computational tools.

EGI and DARIAH: interoperable thanks to AARC

The challenge for DARIAH was to make their AAI interoperable with other e-Infrastructure services to allow, for example, a DARIAH researcher to access the Cloud Compute service offered by the EGI Federation without a new set of log in details and with the necessary authorization attributes managed by DARIAH. The BPA provided a set of software building blocks that allowed DARIAH to connect Identity Providers (IdPs) and Service Providers (SPs) through a centralized proxy.

AARC also provided guidelines for interoperability between multiple infrastructures, in this case the community AAI of DARIAH and the e-Infrastructure of EGI.

A legacy for the years to come

Find out more and #StartWithAARC: bit.ly/startwithaarc

The AARC Blueprint Architecture, Policy Development Kit (a toolbox of information, template documents, training materials and guidelines) and ‘AARC in Action’ collection of case studies give a head start to anyone who is seeking an Authentication and Authorisation Infrastructure (AAI) solution for their research collaboration.

More information

#StartWithAARC: bit.ly/startwithaarc

Elis Bertazzon is part of the AARC project communications team.

Subscribe to the EGI newsletter: