The new AARC Blueprint Architecture

Elis Bertazzon on a new AARC functionality for research collaborations

EGI was one of the major contributors of the AARC project, the EU-funded initiative that answered the increasing need among research collaborations and e-infrastructures for authentication and authorisation mechanisms and for federated access to their online services. After 4 years, the project has come to an end but its main outputs are already having a positive impact on the research community, and some AARC-based solutions have been adopted by EGI, EUDAT, GEANT and the EOSC.

The Blueprint Architecture: a “community-first” approach

AARC Blueprint Architecture (BPA) is a reference architecture that provides “building blocks” for an AAI that supports federated access. Research and e-infrastructures adopting the BPA can take advantage of the identity federations and eduGAIN and enable federated access to resources in a way that was not possible before.

The new version of the BPA focuses on allowing the AAIs of different research and e-infrastructures to inter-operate. This functionality is needed by research communities requiring access to resources that are offered by other infrastructure providers. The new BPA promotes a “community-first” approach, introducing the Community AAI. This element streamlines how researchers can access services/resources via their Community AAI using their institutional credentials from the National Identity Federations in eduGAIN, but also from other sources as needed/allowed by the community, such as social media or other community-managed identity providers.

The new version of the AARC BPA focuses on the cross-AAI interoperability aspects and provides a broader view for addressing an increasing number of use cases from research  communities requiring access to federated resources offered by different infrastructure providers.

The BPA is proving to be a success and it has been adopted by EGI, EUDAT and GEANT, and provides a cornerstone AAI in the European Open Science Cloud. Also, several research infrastructures are adopting BPA-based solutions, including DARIAH, the pan-European infrastructure for arts and humanities scholars working with computational tools.

EGI and DARIAH: interoperable thanks to AARC

The challenge for DARIAH was to make their AAI interoperable with other e-Infrastructure services to allow, for example, a DARIAH researcher to access the Cloud Compute service offered by the EGI Federation without a new set of log in details and with the necessary authorization attributes managed by DARIAH. The BPA provided a set of software building blocks that allowed DARIAH to connect Identity Providers (IdPs) and Service Providers (SPs) through a centralized proxy.

AARC also provided guidelines for interoperability between multiple infrastructures, in this case the community AAI of DARIAH and the e-Infrastructure of EGI.

A legacy for the years to come

Find out more and #StartWithAARC:

The AARC Blueprint Architecture, Policy Development Kit (a toolbox of information, template documents, training materials and guidelines) and ‘AARC in Action’ collection of case studies give a head start to anyone who is seeking an Authentication and Authorisation Infrastructure (AAI) solution for their research collaboration.

More information


Elis Bertazzon is part of the AARC project communications team.

Subscribe to the EGI newsletter: