AARC TREE & EnCo policy coordination call Monday 19 August 2024

# AARC TREE & EnCo policy coordination call Monday 19 August 2024 Present: Catharina, Maarten, Jens, Marcus, PeterB, Baptiste, Arnout, Diana Apologise: DavidG, DaveK Previous notes (15 july 2024): https://sharemd.nikhef.nl/CZVxcrpcRUOgRrhW-V119g [TOC] ## Actions from the coordination calls ### New action items as of August 19th ### Ongoing items - What is missing today in G071? bounce to the AEGIS group for operational input: **Action by DavidG or DaveK** * token lifetime joined by Hannah and Tom Dack - "lifetime of tokens" new guideline document (G081): **Action by MarcusH** ([google-doc working area](https://docs.google.com/document/d/1U9vvJfWuE8oO7u0FcGVGr3KySvBqwjnkzKO8TKzgoX4/edit)) - Create (and write draft ToC of) the 'framing' document (Informational AARC-I* document) to describe the challenges before starting to write guidelines: **Action by DavidG** to start a shared document on sharemd/gdocs/overleaf -- Now available as https://docs.google.com/document/d/1tduCLBcc8UAqlqfqxjZp4zvAvvzKyFzy - initiate trust and tracability working parties (CT-like append-only logging by proxies: **Action by Jens** - TTX exercise models: **Action by DavidG & Maarten** (see also https://sharemd.nikhef.nl/s/_pNTbKy9f#Table-top-exercises-TTX-for-proxies-and-federations; there will be a TTX at EGI in Lecce and at TechEx/Boston) * At TechEx: DavidG, SvenG, MaartenK, PeterB - Collect any EOSC SMS onboaring documents for community input: **Action by Baptiste** - Start with a ToC of the AARC documents: **Action by DavidG** - end of June/early July - Milestone early september - writing completion during the September 23+24 workshop /PMA62 - Actions based on AARC PDK Feedback: - capture stories from smaller communities - separate the PDK into policies and procedures as ancillary documents - look at the top-level policy to see if it recasts into foundational principles - split the policies (and procedures) by topic area - review and draft something by July (DaveK) - token lifetime and revocation guidance: **Action by MarcusH** - MarcusH to set up a google doc ([google-doc working area](https://docs.google.com/document/d/1U9vvJfWuE8oO7u0FcGVGr3KySvBqwjnkzKO8TKzgoX4/edit)) ### Completed items - Document good practices what communities are currently doing. Via the questionnaire in AARC TREE WP3 or ask that later. - What do the communicaties have configured with the AAI providers? - Do one-on-one interview with policy/security experts from the communities - there are two more token types to consider: SSH keys and KRB TGTs ## AARC-G081 Recommendations for Token Lifetimes (MarcusH) -- ([google-doc working area](https://docs.google.com/document/d/1U9vvJfWuE8oO7u0FcGVGr3KySvBqwjnkzKO8TKzgoX4/edit)) * Marcus gives a short overview of the doc * At the doc is the overview on how to proceed with the doc and open discussion points * Marcus to invite relevant stakeholders to review this doc and more in general this calls ## AARC-G082 Trust in Distributed Proxy Scenarios framing document See document, needs input: https://docs.google.com/document/d/1tduCLBcc8UAqlqfqxjZp4zvAvvzKyFzy ## Evolution of G040 PeterB still has dive into the documents in order for the usecases for Lifescience AAI. Peter will write down is experience so far. ## Traceability and Transparency across proxies To be discussed next time :-) ## AOB * 23 & 24 september: AARC TREE Policy et al meeting: https://www.eugridpma.org/meetings/2024-09/ * planning for FIM4R meetings: how to get the right people from the AARC community in, and what would we like to get out of it? Both for “us” and for the communities. July 15th at 1600 CEST (and then first and third Monday of each month). * FIM4R at TechEx is on Sunday December 8th! Colocation of ~one day AARC with TIIME in Reading, * UK (March 31st … April 4th). Ian Collier organising. * Next meeting: Monday 16 sept at 14:00 CEST * Meeting ended at 15:45