The eduGAIN Security Working Group membership is open to:
- Any staff member of an eduGAIN Identity Federation that has a clear remit for security.
- Members of the eduGAIN Service staff, including eduGAIN Security Team, Operational Team, Support Team and Secretariat.
- Recognised security experts from the wider eduGAIN community that are accepted by the group.
New members that do not work for an eduGAIN Identity Federation must receive the approval of two participating Identity Federations before being added to the group.
Members must be able to commit to attending eduGAIN Security Working Group meetings on a regular basis, providing input to the eduGAIN Security Working Group deliverables, and supporting the implementation of security practices from their group in national federations and eduGAIN.
The initial goals for the group for 2021/22 are:
- To define and support an appropriate communication mechanism for reactive incident response management between the eduGAIN Security Team, Federation Operators and Federation Entities, including support for the eduGAIN Security Incident Response Handbook.
- To define and support an appropriate communication mechanism for proactive incident management and security warnings between the eduGAIN Security Team, Federation Operators and Federation Entities.
- To support the review and analysis of security incidents and make recommendations that will support and enhance the security stance of eduGAIN and Identity Federations.
- To build a trusted security community for eduGAIN. This may be through activities such as: adoption of entity categories, creating supporting materials, increasing understanding, building trust in Security contacts, crisis exercises and other security / communication challenges.
The group will adhere to the processes defined for eduGAIN Working Groups when socialising and approving outputs.
The group will have a lightweight annual workplan to ensure that these goals are being met.
REM: (SG) security service to be defined together with the eduGAIN community, and a mandate covering the services given to the sec team by eSG.
REM: (SG) not sure if reactive and proactive communication can always be clearly recognized; at least it will add complexity. I would go with one default communication method, which then is also monitored by the participants.
There is no time limit set for this group. Goals and objectives for the group will be reviewed annually.
The Working Group will be supported by the eduGAIN Secretariat. Tools available:
- GÉANT wiki for minutes and documentation for the group.
- eduGAIN Slack channel: https://join.slack.com/t/edugain/shared_invite/zt-4ixrznlz-tIroWlR3UNKUwWTT9w1JjQ
- Working Group mailing list: email@example.com.
More secure methods of communication may be included as the group develops.