Versions Compared

Old Version 35

changes.mady.by.user Nicole Harris

Saved on

compared with

New Version 36

changes.mady.by.user Davide Vaghetti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

eSG, the governing body of eduGAIN. (NH: this is in the constitution defs)
Word/TermDefinition
CSIRTComputer Security Incident Response Team
eduGAIN

The eduGAIN inter-federation service connects identity federations around the world, simplifying access to content, services and resources for the global research and education community.  (NH: this is in the constitution defs)

stakeholdereduGAIN Steering Group eduGAIN stakeholdereSG members, REFEDS members, NRENs, research and education community members, Service Providers.
Entity Security ContactAn entity mail address dedicated to security issues and incident response. It is recommended that the security contact is monitored by multiple individuals.

...

eduGAIN-CSIRT provides incident response coordination for the Entities of members of Identity Federations participating in eduGAIN.

...

The Chair of eduGAIN-CSIRT is the eduGAIN Security Officer.

Duties and responsibilities

...

  • Participating to the  eduGAIN-CSIRT meetings.
  • Following the eduGAIN CSIRT internal procedures.
  • Actively contributing to the mission of the eduGAIN-CSIRT.
  • Providing expertise and guidance to the best of their knowledge.
  • Abiding to the Trusted Introducer Code of Conduct [TI CCoP]. NH: changed reference from link for consistency.
  • Respecting TLP restrictions [FIRST TLP] and appropriate confidentiality requirements. NH: changed reference from link for consistency.
  • Providing the services and the service level described in 3.2 and 3.3.

...

The operation of eduGAIN-CSIRT will obey the eduGAIN Declaration [eduGAIN Declaration] and the eduGAIN Constitution [eduGAIN Constitution] and follow the procedures approved by the eSG. Any eduGAIN stakeholder has the right to suggest new policies and procedures: such requests should be submitted to the eduGAIN Security Officer. The decision whether to accept this request will be discussed within the eduGAIN CSIRT and decision will be recorded in the minutes of the meeting and feedback will be provided to the original requestor.

...

Accurate minutes will be kept of each meeting of the group. The minutes of a meeting shall be submitted to group members for ratification at the next subsequent meeting of the group.

Decision making

Decisions by the group will be made as follows:

  • Wherever possible, the Group will arrive at proposed draft recommendations documents and/or advice by clear consensus, as determined by the Chair

  •  A voting process will only start if consensus cannot be reached after two consecutive group meetings or if at least one third of voting members of the Group call for a vote

  •  A decision is adopted if more than 50% of the voting members present cast their vote for the  proposed decision

  •  If the group’s recommendations are adopted by majority vote, minority positions will be recorded and reported

  • The group, by majority decision, may refer matters for decision to the eduGAIN Steering Group on issues where a consensus cannot be achieved.

...

ChannelReference
eduGAIN-CSIRT email listedugain-support-sec-team@lists.geant.org
Report of abuseabuse@edugain.org
eduGAIN-CSIRT wiki & meeting minuteshttps://wiki.geant.org/display/eduGAIN/eduGAIN+Security
Telephone+44 1223 733033
Instant messaging channelsSignal group, keybase.io: edugain_sec

Related material and references

...

...

Related material is available on the eduGAIN website at the following location:

https://

...

edugain.org/

...

edugain-security/references/

Reporting

eduGAIN-CSIRT provides input about current operational security activities to Federation Operators group and eSG on request.

...