| Table of Contents | ||
|---|---|---|
|
GÉANT Federation as a Service
...
- FaaS is an easy entry point for NRENs who are developing or are in early stage of operating a WebSSO Identity federation. FaaS service is offered to organisations which operate an Identity federation - Federation Operators (typically an NREN) to facilitate efforts needed for uptake and day-to-day operations. In a nuthsell, by using FaaS offer, Federation operators can:
- operate their Identity federation in scalable manner which accommodates best current practices;
- exchange metadata with eduGAIN metadata service in an automated manner.
...
Detailed service information is available from Federation-as-a-Service
FaaS showcase by Marina Vermezovic
Service Manager
| Name | |
|---|---|
Nebojsa Ilic | nebojsa.ilic@amres.ac.rs |
Service Team
| Name |
| ||
|---|---|---|---|
| |||
Security-related information and sources
FaaS instances are deployed on servers running CentOS 6.7 operating system. In order for FaaS service to operate properly, there are quite a number of applications and tools installed on FaaS servers. Majority of applications are installed using CentOS package manager (yum) but there are several tools which are installed using github or source code. Some applications are critical for the FaaS operation (such as pyff, jagger, lunacm), while others are important for server management and monitoring (nagios). From the security standpoint, it is important to constantly follow newly discovered vulnerabilities and bugs in applications used on FaaS servers.
| Operating system / Application | Source of information | Comment |
|---|---|---|
| CentOS 6.7 | https://lists.centos.org/mailman/listinfo/centos-announce | Mailing-list used for forwarding security-related and general information about CentOS |
| Pyff | https://github.com/leifj/pyFF/issues | Issues found in Pyff. Contains bug information. |
| Jagger | https://github.com/Edugate/Jagger/issues | Issues found in Jagger. Contains bug information. |
| PHP | https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/PHP-PHP.html | List of vulnerabilities found for PHP, published in the form of CVE list. |
Perl | https://www.cvedetails.com/vulnerability-list/vendor_id-1885/product_id-13879/Perl-Perl.html | List of vulnerabilities found for Perl, published in the form of CVE list. |
| Python | https://www.cvedetails.com/vulnerability-list/vendor_id-1238/product_id-2147/Python-Software-Foundation-Python.html | List of vulnerabilities found for Perl, published in the form of CVE list. |
| MySQL | https://www.cvedetails.com/vulnerability-list/vendor_id-185/Mysql.html | List of vulnerabilities found for MySQL, published in the form of CVE list. |
| Nagios | https://www.cvedetails.com/vulnerability-list/vendor_id-1424/product_id-2468/Nagios-Nagios.html | List of vulnerabilities found for Nagios, published in the form of CVE list. |
| Shibboleth | https://www.cvedetails.com/vulnerability-list/vendor_id-11435/Shibboleth.html https://wiki.shibboleth.net/confluence/display/SHIB2/SecurityAdvisories | List of vulnerabilities found for Shibboleth, published in the form of CVE list. Security advisories listed on Shibboleth. |
| OpenSSL | https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html | List of vulnerabilities found for OpenSSL, published in the form of CVE list. |
| OpenSSH | https://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/Openbsd-Openssh.html | List of vulnerabilities found for OpenSSH, published in the form of CVE list. |
...
Security issues that need to be addressed asap.
| Operating system / Application | Issue | Recommendation | |
|---|---|---|---|
| None | - | -
Status Overview
| Insert Date | Phase | Delivery Date | Issues/risks | Mitigation | Comments (please provide update) | RAG status | ||
Testing | Migrating | Production | ||||||
| GREEN | ||||||||
| GREEN | ||||||||
| GREEN | ||||||||
| GREEN | ||||||||
| GREEN | ||||||||
...