Description for eduGAIN-CSIRT
REMARK: This needs to be synced with https://edugain.org/edugain-security/
in particular the
- Constituency
- Incident response procedure is a link to a AARC deliverable which has an a bit generic irp for distributed infras
About this document
This is version 0.1, draft 2021/07/14
...
Locations where this Document May Be Found
The
...
current
...
version
...
of
...
this
...
CSIRT
...
description
...
document
...
is
...
available
...
from
...
the
...
eduGAIN-CSIRT
...
WWW
...
site;
...
its
...
URL
...
is
...
https://edugain.org/edugain-security/
...
Please
...
make
...
sure
...
you
...
are
...
using
...
the
...
latest
...
version.
...
Authenticating this Document
This
...
document
...
has
...
been
...
signed
...
with
...
the
...
eduGAIN-CSIRTs
...
PGP
...
key.
...
The
...
signatures
...
are
...
also
...
on
...
our
...
Web
...
site,
...
under:
...
https://edugain.org/edugain-security/
Contact Information
Name of the Team
...
Telephone Number
+31 12345679 (SOME GEAN OFFICE NUMBER, where the Opertor Operator at least knows what to do when contacted on security issues related to eduGAIN)
Facsimile Number
+31 12345679 (SOME GEANT OFFICE FAX NUMBER, where the Opertor Operator at least knows what to do when contacted on security issues related to eduGAIN)
Other Telecommunication/Instant messaging
OTHER METHODS MONITORED BY THE eduGAIN-CSIRT (keybase? slackchannel?)
Electronic Mail Address
...
This
...
address
...
can
...
be
...
used
...
to
...
report
...
all
...
security
...
incidents
...
which
...
relate
...
to
...
the
...
eduGAIN
...
participants.
...
This
...
is
...
a
...
...
alias
...
that
...
relays
...
...
to
...
the
...
human(s)
...
on
...
duty
...
for
...
the
...
eduGAIN-CSIRT.
Public Keys and Other Encryption Information
...
The eduGAIN-CSIRTs hours of operation are generally restricted to regular business hours (09:00-17:00 (CET/CEST)) Monday to Friday except holidays). <ADD A STATEMENT ABOUT "BEST EFFORT" OUTSIDE BUSINESS HOURS ?>
Charter
Mission Statement
The eduGAIN-CSIRT provides security incident coordination for eduGAIN on the federation level and ensures that security incident resolution process does not stall. Details are laid-out in eduGAIN-CSIRTs Term of References available at <HERE A LINK TO THE TOR>
Constituency
eduGAIN consists of identity federations, which which members are the federation participants, an association of organisations organizations that exchange information as appropriate about their users and resources to enable collaborations and transactions. With regard to security incident response the identity and service providers (IdP and SP) registered in a federation.
...
eduGAIN-CSIRT reports to the eduGAIN Steering Group (eSG).
Communication and Authentication
...
eduGAIN is a federation of identity federations, in which different organisations organizations operate SPs and IdPs. Usually the mandate and scope of the SPs IdPs security teams are limited to the home organisationorganization. The same holds for the federations participating in eduGAIN. eduGAN-CSIRT will organise organize the security incident communications across affected participants and coordinate the local response activities to allow for an efficient containment and subsequently resolution of security incidents.
...
The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service providers (SP), Identity Providers (IdP)). If possible, edugain-CSIRT will support the end entities with in coordination with the Federations on request.
Proactive Activities
<THIS <THIS HAS A RISK OF GETTING TIME CONSUMING MORE THEN WE CAN SQUEZE IN>SPEND ON IT>
Incident Reporting Forms
Incident Report temlates templates can be found in: https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf
< THE TEMPLATES SHOULD BE EXTRACTED/EDITED FROM THE PDF AND PUT ON THE WEBSITE (WITH A REFERENCE TO THE ORIGINAL DOC) >
Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, eduGAIN-CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
...