Title
The name of the group is eduGAIN Computer Security Incident Response Team (CSIRT)
Definitions
| Word/Term | Definition |
|---|---|
| IdP | |
| SP | |
| Federation | |
| Federation Operator | |
| CSIRT | |
| entity | |
| eduGAIN | |
| eSG | eduGAIN Steering Group, the governing body of eduGAIN |
Purpose and Responsibilities
eduGAIN CSIRT provides computer security incident coordination for eduGAIN. It serves as the primary contact point for all security related issues affecting eduGAIN.
The group maintains a communication infrastructure to assure that all relevant information is received by the relevant entities in eduGAIN.
That the information is processed and needed response actions are carried out is the responsibility of the entity and the hosting federation.
Constituency
Service Description
Service Level Description
Composition
Membership
Chair
The Chair of eduGAIN CSIRT is the Security Officer.
Duties
Term of Office
The Term of Office is unlimited.
Method of Appointment
The eSG appoint the Chair.
Operating Procedures
The operation of eduGAIN CSIRT will obey the eduGAIN Declaration and the eduGAIN Constitution. and follow the procedures approved by the eSG.
Any Stakeholder within eduGAIN has the right to suggest new policies and procedures: such requests should be submitted to the Security Officer.
The decision whether to accept this request or not will be recorded in hte minutes of the meeting and feedback will be provided to the original requestor.
Communications and Meetings
All the members of the Group must subscribe to the Nikhef CSIRT mailing list (edugain-support-sec-team@lists.geant.org)
and should use it as the primary written communication channel. To allow for low latency
communications, the team may community using end-to-end encrypted instant messaging channels
provided all end-points have been pre-authenticated during a face-to-face validation. The group
deliberations happen at face-to-face meetings, phone/video conferences, or via the group mailing list.
To enable consideration, where practicable, the draft agenda together with reports and documents that relate to the group will be
forwarded to members three working days prior to scheduled meetings. Accurate minutes will be kept
of each meeting of the group. The minutes of a meeting shall be submitted to group members for
ratification at the next subsequent meeting of the group.
Decision making
Wherever possible, the Group will arrive at proposed draft recommendations documents
and/or advice by clear consensus, as determined by the Chair
A voting process will only start if consensus cannot be reached after two consecutive group
meetings or if at least one third of voting members of the Group call for a vote
A decision is adopted if more than 50% of the voting members present cast their vote for the
proposed decision
If the group’s recommendations are adopted by majority vote, minority positions will be
recorded and reported
The group, by majority decision, may refer matters for decision to the Director on issues
where a consensus cannot be achieved.