Speaker
Description
Driven by the physics communities supported by UKRI-STFC, the eInfrastructure for Research and Innovation for STFC, or IRIS, is a collaboration of STFC’s science activities, computing facilities, and its national computing centres at universities. The vision of IRIS is to develop a single federated national computing Infrastructure for STFC science. To enable this vision, IRIS requires clear rules of engagement. The IRIS Trust and Security Framework delivers a policy platform within which service providers can offer resources – and users can perform their work - in a safe and secure manner.
The EU H2020-funded AARC projects, building on existing work for infrastructures including EGI, addressed the challenges involved in integrating identity services across different infrastructures, thereby allowing research communities to securely share data and resources. The result of this work hinged around the AARC Blueprint Architecture allowing federations of services and identity providers to connect via one or more proxies, such as the IRIS IAM discussed in a parallel abstract. In addition to AARC technical architecture documents and guidelines, a policy team created a set of template policies published as the AARC Policy Development Kit (PDK), which, following the completion of the AARC projects, will find a long term home under the Security for Collaborating Infrastructures (SCI) working group of the Wise Information Security for Collaborating e-Infrastructures (WISE) community. Building on existing practice, the PDK aims to assist in efficiently bootstrapping Research Infrastructures in the operation of an authentication and authorisation infrastructure in line with the AARC Blueprint Architecture, making them accessible to researchers in an easy and secure fashion.
We will present the current status of work to bootstrap a trust framework of security policies for IRIS, based on the PDK, in consultation with the IRIS community. We will also discuss the future directions of this work, both in the context of IRIS and in the wider development of federated infrastructure security policy under the WISE community as part of a global collaboration.
