Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Title

The name of the group is eduGAIN Computer Security Incident Response Team (CSIRT)

Definitions


Word/TermDefinition
IdP

Identity Provider, a service that creates, maintains, and manages identity information for principals and provides authentication services to relying parties

SPService Provider, an organization (or part of an organization) that manages and delivers a service or services to customers
(Identity) Federationhttps://wiki.geant.org/display/eduGAIN/Identity+Federations+and+eduGAIN
Federation Operatorhttps://wiki.geant.org/display/eduGAIN/Federation+Operators
CSIRTComputer Security Incident Response Team
EntityIdPs, SPs and Attribute Authorities (standalone) (AAs)
eduGAINThe eduGAIN inter-federation service connects identity federations around the world, simplifying access to content, services and resources for the global research and education community.
eSGeduGAIN Steering Group, the governing body of eduGAIN
Entity Security Contactan entity mail address monitored by multiple individuals

Purpose and Responsibilities

eduGAIN-CSIRT provides computer security incident response coordination for eduGAIN. It serves as the primary contact point for all security related issues affecting eduGAIN.

The group maintains a communication infrastructure to assure that all relevant information is received by the relevant entities in eduGAIN.

That the information is processed and needed response actions are carried out is the responsibility of the entity and the hosting federation(s)

Constituency

eduGAIN-CSIRT provides incident response coordination for the entities organized in the federations participating in eduGAIN.

Service Description

Members of eduGAIN-CSIRT provide or assist in providing the following services:

  • Incident coordination on the inter-federation and inter organization level.
  • maintaining and testing of a communication infrastructure that allows for a timely information flow among the affected entities, see https://wiki.geant.org/display/eduGAIN/Communication+Challenge+FAQ
  • if requested, and appropriate, support in incident resolution (forensics).

Service Level Description

The services described above are provided at least during business hours (9x5) with 2-hour response, and outside business hours on a best-effort basis.

Composition

Membership

eduGAIN-CSIRT consists of:

  • the eduGAIN-CSIRT Security Officer
  • Senior security professionals from IT infrastructures so designated by the eduGAIN-CSIRT Security Officer

Chair

The Chair of eduGAIN-CSIRT is the Security Officer.

Duties

The duties of the Chair include:

  • Scheduling and running eduGAIN-CSIRT meetings and ensuring that minutes are taken and published.

  • Ensuring all discussion items end with a decision, action or definite outcome.
  • Inviting specialists to attend meetings when required according to the eduGAIN-CSIRT agenda.
  • Acting as general point of contact for eduGAIN-CSIRT.
  • Ensuring that documents produced are presented for approval and adoption and that once approved these are published and made available.

  • Ensuring that eduGAIN-CSIRT meets the various demands placed on it to produce and maintain policy, procedure and best practice. This will include negotiation with eSG, members of the CSIRT, and other stakeholders to agree priorities and timelines commensurate with the effort available to the Group.

  • Reporting to the the eSG as appropriate.

Term of Office

The Term of Office is unlimited.

Method of Appointment

The eSG appoints the eduGAIN-CSIRT Chair.

Operating Procedures

The operation of eduGAIN-CSIRT will obey the eduGAIN Declaration and the eduGAIN Constitution. and follow the procedures approved by the eSG. Any Stakeholder within eduGAIN has the right to suggest new policies and procedures: such requests should be submitted to the Security Officer. The decision whether to accept this request  or not will be recorded in the minutes of the meeting and feedback will be provided to the original requestor.

Communications and Meetings

All the members of the Group must subscribe to the eduGAIN-CSIRT mailing list (edugain-support-sec-team@lists.geant.org)
and should use it as the primary written communication channel. To allow for low latency
communications, the team may community using end-to-end encrypted instant messaging channels
provided all end-points have been pre-authenticated during a face-to-face validation. The group
deliberations happen at face-to-face meetings, phone/video conferences, or via the group mailing list.
To enable consideration, where practicable, the draft agenda together with reports and documents that relate to the group will be
forwarded to members three working days prior to scheduled meetings. Accurate minutes will be kept
of each meeting of the group. The minutes of a meeting shall be submitted to group members for
ratification at the next subsequent meeting of the group.

Decision making

  • Wherever possible, the Group will arrive at proposed draft recommendations documents and/or advice by clear consensus, as determined by the Chair

  •  A voting process will only start if consensus cannot be reached after two consecutive group meetings or if at least one third of voting members of the Group call for a vote

  •  A decision is adopted if more than 50% of the voting members present cast their vote for the  proposed decision

  •  If the group’s recommendations are adopted by majority vote, minority positions will be recorded and reported

  • The group, by majority decision, may refer matters for decision to the Director on issues where a consensus cannot be achieved.

Peer Organizations

The eduGAIN-CSIRT shall proactively communicate with recognized peer organizations regarding suspected and confirmed security incidents that could affect such peers. It shall maintain a reference to the operating policies and practices of such peer infrastructures and participate in their processes and the evolution thereof.

Communication Channels

ChannelReference
eduGAIN-CSIRT email listedugain-support-sec-team@lists.geant.org
Report of abuseabuse@edugain.org
eduGAIN-CSIRT wiki & meeting minuteshttps://wiki.geant.org/display/eduGAIN/eduGAIN+Security
Telephone
Instant messaging channelsSignal group, keybase.io: edugain_sec

Related material and references

Reporting

eduGAIN-CSIRT provides input about current operational security activities to Federation Operators group and eSG on request.




Authority

eduGAIN-CSIRT is authorized by the eSG to coordinate computer security incident response activities within its Terms of Reference and the applicable security policies. The eSG is the governing body of eduGAIN-CSIRT.

TO BE DISCUSSED:

should we explicitly mention particular actions we would need to take in situations where we would need to take serious actions like suspending participants as a last resort to protect eduGAIN as such