...
- PDK version https://docs.google.com/document/d/1_cNMF3l3YVPqBBH0MPqx9DLAL1t3Z33_fJcjln8Xk48/edit#heading=h.idp93lqbm8kt
- The PDK was used to produce a Service Operations Security Policy for EOSC-hub which was then also adopted by EGI. Some wording was changed from the initial PDK to the EOSC-hub version, including the reference to Sirtfi was removed from point 4 and "Privacy Statement" was changed to "Privacy Notice"
- The EOSC-hub/EGI policy from June 2020 onwards is available at: https://documents.egi.eu/document/3601
- The EOSC Security Baseline may serve as a best option for loosely coupled federations https://docs.google.com/document/d/1a8TQAfOnB0CADo_n5nn7-DQX6jV7Iz-2i90hBAzMgGY/edit#heading=h.eyau1431a74f (plan to adopt almost as is)
- Based on Iris https://www.iris.ac.uk/wp-content/uploads/2021/05/IRIS-Service-Operations-Security-Policy.pdf (though that one removed Sirtfi and only referred to it in footnotes. Wanted self contained). Advantage is long list of references.
- Less prescriptive
- Elixir
- This is our Service operations security policy:
https://docs.google.com/document/d/1TKczGc_9U-i3XTT3pVqy8EpHyMrTZ9m9rMFFwhlFMtg/edit?usp=sharing - You may be interested also in our ToU for service providers which was missing from AARC PDK and was developed by ourselves:
https://docs.google.com/document/d/10DBkPr_zWpFJPWTav8SMw61IVExIU0349pUkBl9cLjw/edit# It has the same license as the AARC PDK (CC-BY-SA-NC) - See page 14 - 15 for feedback from life sciences https://zenodo.org/record/4559400#.YWRFLC8RpQI
- This is our Service operations security policy:
- Trusted CI https://www.trustedci.org/guide-overview?rq=MISPP
- HFIS HIFIS (previously HDF) https://hifis.net/doc/helmholtz-aai/security-response/
...
- Discussed during EUGridPMA October 2021
- October 4th 2021
- Friday 22nd (morning) 10:00 CEST
- At the WISE/SIG-ISM Meeting October 26/27 https://events.geant.org/event/742/
WISE Meeting October 27th
| Time | Item |
|---|---|
| 10m | PDK introduction
|
| 10m | Evolution of Security Operations Policy
|
| 10m | Q&A e.g. feedback from CS3MESH |
| 30m | Work on Security Operations Policy (not the baseline) and incorporate feedback
|
Actions:
- Hannah: Ask ELIXIR if they used the Security Operations Policy
- Hannah: Ask Uros/Marcus about HDF use
- Ian: share Iris and PDK Policy comparison
View file name table combined.docx height 250
- Hannah: Create PDK section on WISE website