Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This document has been signed with the eduGAIN-CSIRTs PGP key.  The signatures are
also on our Web site, under:
 https://edugain.org/edugain-security/

...

eduGAIN-CSIRT is coordinated by the eduGAIN-CSIRT security officer. Other team members along with their contact information are listed at the eduGAIN-CSIRT web page: <eduGAIN-CSIRT.WEBPAGE.ORG>

Other Information

General information about eduGAIN security is in https://edugain.org/edugain-security/

...

<eduGAIN-CSIRT.WEBPAGE.ORG>
NOTE: WE NEED TO DISCUS IF WE WANT OT RUN SUCH A PAGEThe eduGAIN-CSIRTs hours of operation are generally restricted to regular business hours (09:00-17:00 (CET/CEST) Monday to Friday except holidays).

...

Mission Statement

The eduGAIN-CSIRT  CSIRT provides security incident coordination for eduGAIN and is the primary contact point for questions related to security issues affecting eduGAIN participants. Therefore eduGAIN-CSIRT operates and maintains a communications infrastructure and provides forensics support on request to end entities in coordination with the respective federations.

Constituency

on the federation level and ensures that security incident resolution process does not stall. Details are laid-out in eduGAIN-CSIRTs Term of References available at <HERE A LINK TO THE TOR>

Constituency

eduGAIN consists of identity federations, which which members are the federation participants,  an association of organisations that exchange information as appropriate about their users and resources to enable collaborations and transactions.  With regard to security incident response the identity and service providers (IdP and SP)  registered in a federation.

The eduGAIN constituency  consists of the eduGAIN participants, see https://technical.edugain.org/statusThe eduGAIN constituency  is the eduGAIN participants.

Sponsorship and/or Affiliation

...

eduGAIN-CSIRT is authorized by the eduGAIN Steering Group to coordinate incident response at the inter-federation level.

Policies

The eduGAIN policy framework is in:

https://technical.edugain.org/doc/eduGAIN-Declaration-v2bis-web.pdf


The constitution of the eduGAIN service is in https://technical.edugain.org/doc/eduGAIN-Constitution-v3ter-web.pdfwe do not really have an extended set of policies

Types of Incidents and Level of Support

...

eduGAIN-CSIRTs major incident management function is incident coordination across eduGAIN federations.

Incident Triage

Support ofeduGAIN-CSIRT will support the eduGAIN participants investigating whether indeed an incident occurred.
Determining and in case,
determining the extent of the incident. This ranges from a single entity, to multiple federations affected.

Incident Coordination

eduGAIN is a federation of identity federations, in which different organisations operate SPs and IdPs. Usually the mandate and scope of the SPs IdPs  security teams are  limited to the home organisation. The same holds for the federations participating in eduGAIN. eduGAN-CSIRT will organise the security incident communications across affected participants and coordinate the local response activities to allow for an efficient containment and subsequently resolution of security incidents.

Incident Resolution

The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service providers (SP), Identity Providers (IdP)). If possible, edugain-CSIRT will support the end entities with in coordination with the Federations  on request.

...