...
The name of the group is eduGAIN Computer Security Incident Response Team (CSIRT)
Definitions
| Word/Term | Definition |
|---|---|
| IdP | |
| SP | |
| Federation | |
| Federation Operator | |
| CSIRT | |
| entity | |
| eduGAIN | |
| eSG | eduGAIN Steering Group, the governing body of eduGAIN |
Purpose and Responsibilities
...
Wherever possible, the Group will arrive at proposed draft recommendations documents and/or advice by clear consensus, as determined by the Chair
A voting process will only start if consensus cannot be reached after two consecutive group meetings or if at least one third of voting members of the Group call for a vote
A decision is adopted if more than 50% of the voting members present cast their vote for thethe proposed decision
If the group’s recommendations are adopted by majority vote, minority positions will be recorded and reported
...
The group, by majority decision, may refer matters for decision to the Director on issues
...
where a consensus cannot be achieved.
Peer Organizations
The eduGAIN CSIRT shall proactively communicate with recognized peer organizations regarding suspected and conirmed security incidents that could affect such peers. It shall maintain a reference to the operating policies and practices of such peer infrastructures and participate in their processes and the evolution thereof.
Communication Channels
| Channel | Reference |
|---|---|
| eduGAIN CSIRT email list | edugain-support-sec-team@lists.geant.org |
| Report of abuse | abuse@edugain.org |
| eduGAIN CSIRT wiki & meeting minutes | https://wiki.geant.org/display/eduGAIN/eduGAIN+Security |
| Telephone | |
| Instant messaging channels | Signal group, keybase.io: edugain_sec |
Reporting
eduGAIN CSIRT provides input about current operational security activities to Federation Operators group and eSG on request.