...

  1. It is strongly recommended to use a dedicated email address for the security contact. Personal email addresses are discouraged.
  2. You are encouraged to provide a URL pointing to your incident handling process if available.
  3. Where possible, use the NREN's security function (local CERT/CSIRT). We will also accept a specific security capability for the federation service, if the organization has a proper procedure to deal with the communication.
  4. In case of a federated security incident possibly related to eduGAIN entities, notify the [eduGAIN-CSIRT] as required by the eduGAIN Incident Security Response Handbook [eduGAIN-SIRH].
  5. Respond to requests for assistance with a security incident from the eduGAIN CSIRT or other eduGAIN Participants in a timely manner. The recommended response time is half a business day.

  6. Respect the Traffic Light Protocol [TLP] information disclosure policy and use it during incident response communications (ref. https://www.first.org/tlp).

  7. The contact should expect the eduGAIN CSIRT to run periodic communication checks, which need to be handled like any other incident response communication.

TODO: add how to update the information (solicited and unsolicited).

[eduGAIN-CSIRT] https://edugain.org/edugain-security/

...