...
What must I do? | Explanation | Example |
---|---|---|
Define a unique name | This name will be critical for uniquely identifying your community and its participants. Ensure there are no possible collisions. | Strongly suggest using a DNS name |
Define your community's purpose | You need to be able to identify activity that is in scope for your community. Other activity may be suspended. | "The goal of this community is to allow members of the X collaboration to perform all the computing activities relevant for the X experiment and the analysis of the data collected by it." |
Ensure members and their authorisations are valid and enforced | Put a process in place to check whether members are valid, for how long, and what they should be entitled to do. If automatic provisioning is not possible, establish periodic review procedures. | ????? PDK seems too long. Probably need a new one here. |
Require members to accept an Acceptable Use Policy that defines the community goals and does not conflict with Infrastructure AUPs | A significant effort has been spent in the research and education identity community to harmonise Acceptable Use Policies, minimising the need to interrupt end users with notifications and enabling easier interoperability. | Add your community's purpose to the WISE AUP |
Inform members about how their personal information is processed | You will likely be subject to local laws. You should also consider international best practices, such as the REFEDS Code of Conduct. | The AARC recommendation from the Policy Development Kit |
Be able and willing to collaborate in security incident response | Ensure that you follow best practices for security incident response such as traceability, revocation, the ability to contact users and proactive notification of incidents to partner organisations. | Support the Sirtfi Framework. Define a procedure (e.g. the IRIS procedure) to be followed when needed. |
Publish your documents | Make it easy for fellow participants to trust you and see that you are following best practices. | A publicly available website such as https://www.iris.ac.uk/security/ |