You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The eduGAIN Security Team main duty is to provide a central coordination point at the inter-federation level for the security incident response. Moreover, the team will share information on  security threats relevant for the eduGAIN community.

eduGAIN Security Incident Response Handbook

The eduGAIN Security Team in collaboration with the REFEDS Sirtfi WG developed an eduGAIN Security Incident Response (SIR) Handbook, which is currently under consultation, see https://wiki.refeds.org/x/-oCNAw.

The eduGAIN SIR handbook defines the process for resolving security incidents affecting eduGAIN participants involving all key stakeholders. In particular, it is essential to involve the federation in security operations or possible intrusions affecting eduGAIN entities.

Federation Security Contact

Each eduGAIN Member should provide a federation security contact that can act as the contact and technical support point for security incidents affecting the federation, as further defined in the eduGAIN SIR handbook. The contact must be capable of operating according to the eduGAIN SIR handbook and maintain a level of confidentiality suited to the information received. Trusted, well defined and well maintained security contact information is crucial to allow all involved parties to collaborate and exchange sensitive data during a crisis.

This role is expected to be fulfilled by the security contact point as expressed in each federation profile and it will be published on the eduGAIN Member Status page (https://technical.edugain.org/status). In order to communicate the security contact for your identity federation follow the procedure on https://technical.edugain.org/joining_checklist.

Security threats information sharing

The eduGAIN Security Team will share information on potential and actual security threats with the federation security contacts and if needed with the entities's Sirtfi security contacts.

LEAKED CREDENTIAL PROCEDURE HERE

Contacts

For computer security emergencies or in case a security incident is suspected:

Contact the eduGAIN Security Team: abuse@edugain.org

PGP key fingerprint: F9FF B82B 9700 72D1 F753 25CF 5E3C 31D7 CE43 BCB8

  • No labels