The Policy Development Kit (PDK) was originally developed under the AARC Project, a European Commission funded project to enable Authentication and Authorisation for Research and Collaboration. Since the end of the project, further development of the PDK has taken place in WISE.
The PDK aims to provide a set of templated policies to support operational security for federated research infrastructures. It includes, for example:
- Acceptable Use Policy
- Incident Response Procedure
- Privacy Policy
- … and many more!
Use
Several infrastructures have already used the PDK as a starting point for their policies, such as the Helmholtz Data Federation and IRIS. Although feedback has been largely positive, several policies were found to be too tightly coupled to be applied to looser federations; for example IRIS and the European Open Science Cloud (EOSC) have developed a new version of the Service Operations Security Policy which will be incorporated into the next iteration of the PDK.
Future Plans
As of October 2021, WISE will focus on producing and publishing a new template policy for Service Operations Security. This policy is intended to define the responsibilities and obligations of services participating in a federated infrastructure, such as log retention, publication of data privacy information and incident response collaboration requirements. Notes from this effort are available on the Wiki.
The full set of PDK content will be published by WISE and made available on the Wiki.