The Science DMZ is a network concept that provides an environment optimized for high performance scientific applications, while allowing the rest of the campus to support more 'corporate' services such as e-mail etc. While on the networking side, focus is on performance and faster data transfer, for above the network applications, complexity of authorization requirements is the key driver of researcher needs. We can develop a 'Science DMZ' concept for AAI today, layered above eduGAIN and existing national federated identity infrastructure. What would this look like and what does it enable? How will it help campuses to adapt to these more complex and expensive needs?