Updated 21/07/2025

AARC TREE announces the updated Blueprint Architecture to advance Federated Access for Research Collaboration

AARC TREE has announced the release of the initial revision of the AARC Blueprint Architecture 2025 (AARC-BPA-2025) and its interoperability framework. This is the first major update of the AARC BPA framework, designed to keep pace with evolving technologies and policies and to better support the emerging needs of research collaborations worldwide.

Research infrastructures increasingly depend on secure, seamless access to services and data across institutional and national boundaries. To enable this, AARC TREE has refined the core architectural and policy foundations that underpin Authentication and Authorisation Infrastructures. With the updated AARC-BPA-2025 and the forthcoming Policy Development Kit version 2 (PDK v2), AARC TREE empowers infrastructures of all sizes to adopt interoperable, scalable, and policy-aligned AAI models.

The AARC-BPA-2025 revision represents a significant evolution, shaped by extensive input from research communities and real-world deployment experience.

While retaining its five-layer structure, AARC-BPA-2025 introduces several targeted refinements:

  • Simplified terminology: component names have been generalised to better reflect their broader applicability. For example, the “Community Attribute Services Layer” is now the Attribute Services Layer, and the “Community Authorisation Policy Repository” is now the Authorisation Policy Repository.
  • Streamlined protocols: to align with emerging standards for token-based access, the updated architecture focuses on OpenID Connect and OAuth 2.0, moving away from SAML2 support at the proxy interface.
  • New capabilities: AARC-BPA-2025 introduces the Identity capability, covering identifier management, assurance, and identity linking, responding to the growing role of national systems like EDU-ID and future developments such as the EU Digital Identity Wallet. The new Collaboration Management capability replaces the “Community AAI,” clarifying the distinction between identity services and collaboration support functions like group enrolment and role management.
  • Enhanced authorisation model: support for token-based access control has been strengthened, including integration of the emerging OAuth 2.0 Proxied Token Introspection mechanism to enable secure validation across trusted infrastructures.

These enhancements make the updated architecture more flexible and applicable to both established and agile, project-based research environments.

With the release of AARC-BPA-2025 and the foundation for PDK v2, AARC TREE is paving the way for seamless, policy-aligned access across infrastructures. Future work will focus on publishing a compendium of best practices and exploring synergies with emerging digital identity ecosystems, including eIDAS 2.0, the EU Digital Identity Wallet, and decentralised identity technologies. 

The final version will be available by the end of the AARC TREE project, in February 2025.

Read the full news on the AARC TREE website.