Guidelines for expressing community user identifiers (AARC-G026)

This document provides guidelines for expressing Community User Identifiers (CUIDs) such that the identifier values can be transported in an interoperable way across AARC Blueprint Architecture (BPA) compliant Authentication & Authorisation Infrastructures (AAIs). The CUID is a subject identifier, where the subjects are generally but not exclusively natural persons. The community user identifier is an attribute of the subject’s digital identity which is managed by the Community AAI. The guidelines specify how the CUID is communicated from the Community AAI to its connected services, i.e. infrastructure services (accessible through Infrastructure Proxies), generic and community services

A specification for IdP hinting (AARC-G061)

This document defines a generic browser-based protocol for conveying - to services - hints about the IdPs or SP-IdP-proxies that should be used for authenticating the principal. This protocol, colloquially referred to as Identity Provider (IdP) hinting, can greatly simplify the discovery process for the end-user, by enabling entities to produce and send hints that can be consumed by SP-IdP-proxies for routing the user to the correct upstream SP-IdP-Proxy or authenticating IdP

A specification for providing information about an end service to a Discovery Service (AARC-G063)

This specification defines how SP-IdP Proxies can provide hints about services towards Discovery Services to improve the user experience of the authentication process

AARC Blueprint Architecture 2019

The AARC Blueprint Architecture (BPA) provides a set of building blocks for software architects and technical decision makers who are designing and implementing access management solutions for international research collaborations. This document describes the evolution of the AARC Blueprint Architecture, starting with a summary of the changes since AARC-BPA-2017. The current iteration of the BPA focuses on the interoperability aspects, to address an increasing number of use cases from research communities requiring access to federated resources offered by different research and e-Infrastructures. Hence the introduction of the Community AAI, which streamlines researchers’ access to services. These typically include services offered to members of a specific community, as well as infrastructure services that may be shared with other communities. Users can authenticate to the Community AAI primarily via institutional credentials from national identity federations in eduGAIN, but, if permitted by the community, can also use other Identity Providers

Guidelines for expressing group membership and role information (AARC-G069)

Information about the groups a user is a member of is commonly used by relying parties in order to authorise user access to protected resources. This document provides guidelines for expressing group membership and role information across AARC BPA-compliant AAI services. Specifically, it defines a URN namespace for expressing this information using common identity federation protocols, namely SAML and OpenID Connect/OAuth2

EOSC Authentication and Authorization Infrastructure (AAI) : Report from the EOSC Executive Board Working Group (WG) Architecture AAI Task Force (TF)

The EOSC Architecture Working Group has assigned the AAI Task Force (AAI TF) the task to establish a common global ecosystem for identity and access control infrastructures for the European Open Science Cloud (EOSC). Since the EOSC is part of an international environment of research and education, the principles established by the EOSC AAI subtask must be globally viable. The EOSC AAI TF has produced a set of deliverables: - EOSC AAI First Principles & Requirements - EOSC AAI Baseline Architecture - EOSC AAI Federation participation guidelines (participation policy and technical framework) - EOSC AAI Best Practise

Challenges for Context Management Systems imposed by Context Inference

This work gives an overview over the challenges for context management systems in Ubiquitous Computing frameworks or Personal Smart Spaces. Focused on the integration of context inference in today’s context management systems (CMSs) we address important design decisions for future frameworks. The inference system we have in mind is probabilistic and relies on the concept of Bayeslets, special inference rules extending Bayesian networks. We show that for inference rule creation, storage, inference scheduling and update frequency the best solutions are hybrid, allowing for high flexibility and performance while reducing resource costs. We also see that human expert knowledge cannot be substituted completely in an efficient context-aware system

User-centric inference based on history of context data in pervasive environments

Pervasive computing systems need to be strongly proactive. Context-awareness contributes to this, thus minimizing human-machine interaction. Context-aware systems are greatly enhanced by the utilization of recorded history of the users ' situations and interactions. In this paper, an approach is proposed for modelling, storing and exploiting history-ofcontext, in order to predict or estimate context information. The proposed framework is context-type-independent, requires minimal processing and storage resources, and can be used for data compression. It is based on multiple context prediction rule generation models, demonstrates high prediction success ratio, and has been empirically evaluated via extensive experiments. Categories and Subject Descriptor