These are initial ideas that have been raised during the planning meetings so far.
| Idea | Notes | Actions |
|---|---|---|
| Increase the number of security contacts for Federation Operators | ||
| How do we support federations that are small in size? | ||
| Gather information about how federations are working with existing NREN / other security teams | ||
| Influence role of federations for groups such as REN-ISAC / R&E group in Trusted Introducer | ||
| Process for proactive and reactive communications - should include ensuring FO knows as much as possible, trying to minimise multiple communications, clear eduGAIN branding etc. | ||
| Clearer information / training on TLP and what each area means - add federation context examples | ||
| Process for security / communication challenges | ||
| Process for after event analysis - breakdown the heartbleed work as an example (eg not just fixing entities but learning about legal models for monitoring and testing) | ||
| Acceptance of the eduGAIN Incident Response Handbook | ||
| Crisis exercises / security simulations. Can work with other groups like CLAW / TI on this. | ||
| Adoption of good security practices: Sirtfi, MFA etc. | ||
| Improve the use and understanding of Sirtfi / security contacts in metadata. |