...
- To define and support an appropriate communication mechanism for reactive incident response management between the eduGAIN Security Team, Federation Operators and Federation Entities including support for the eduGAIN Security Incident Response Handbook.
- To define and support an appropriate communication mechanism for proactive incident management and security warnings between the eduGAIN Security Team, Federation Operators and Federation Entities.
- To support the review and analysis of security incidents and make recommendations that will support and enhance the security stance of eduGAIN and Identity Federations.
- To build a trusted security community for eduGAIN. This may be through activities such as: adoption of entity categories, creating supporting materials, increasing understanding, building trust in Security contacts, crisis exercises and other security / communication challenges.
The group will adhere to the processes defined for eduGAIN Working Groups when socialising and approving outputs.
The group will have a lightweight annual workplan to ensure that these goals are being met.
REM: (SG) security service to be defined together with the edugain community, and a mandate covering the services given to the sec team by eSG.
REM: (SG) not sure if reactive and proactive communication can always be clearly recognized, at least it will add complexity. I would go with one default communication method, which then is also monitored by the participants.
Timeframe
There is no time limit set for this group. Goals and objectives for the group will be reviewed annually.
...
- GÉANT wiki for minutes and documentation for the group.
- eduGAIN Slack channel: https://join.slack.com/t/edugain/shared_invite/zt-4ixrznlz-tIroWlR3UNKUwWTT9w1JjQ
- Working Group mailing list: eswg@lists.geant.org.
More secure methods of communication may be included as the group develops.
...