...
I manage a research community of members that will access shared infrastructure services. What simple steps can I take to make my community a trustworthy participant in this environment?
What must I do? | Explanation | Example |
---|---|---|
Define a unique name | This name will be critical for uniquely identifying your community and its participants. Ensure there are no possible collisions. | Strongly suggest using a DNS name |
Ensure members and their authorisations are valid and enforced | Put a process in place to check whether members are valid, for how long, and what they should be entitled to do. If automatic provisioning is not possible, establish periodic review procedures. | ????? PDK seems too long. Probably need a new one here. |
Require members to accept an Acceptable Use Policy that defines the community goals and does not conflict with Infrastructure AUPs | Significant effort has been spent in the research and education identity community to harmonise Acceptable Use Policies, minimising the need to interrupt end users with notifications and enabling easier interoperability. | Add your community's goals to the WISE AUP |
Inform members about how their personal information is processed | You will likely be subject to local laws. You should also consider international best practices, such as the REFEDS Code of Conduct. | The AARC recommendation from the Policy Development Kit |
Be able and willing to collaborate in security incident response | Ensure that you follow best practices for security incident response such as traceability, revocation, the ability to contact users and proactive notification of incidents to partner organisations. | Support the Sirtfi Framework. Define a procedure to be followed when needed. |