Security Operational Baseline

Introduction

To fulfil its mission, any infrastructure or community must protect its primary and secondary assets from damage, disruption, and unauthorised use. This reference ‘Security Operational Baseline’ supports that goal by defining minimum expectations and requirements for the behaviour of those offering services to users and communities, and of those providing access to services or assembling service components. It aims to establish a sufficient level of trust between all participants in an infrastructure to enable reliable and secure operation.

The Security Operational Baseline codifies current community good practice for protecting authentication providers, AAI platforms, and identity providers that participate in an AAI federation. It is RECOMMENDED that all service providers follow these Baseline Requirements to achieve a sufficient level of security. These requirements augment but do not replace applicable security policies and obligations, nor any more specific security arrangements and service level agreements that may exist between participants.

Terminology

Terminology in this document follows conventional IT service management vocabulary, such as ITIL and FitSM, and the RFC 2119 key words. For clarification, we define the following specific terms.

Service Provider: an organisation (or part of an organisation) that manages and delivers a service or services to customers.

Identity Provider: a service that creates, maintains, and manages identity information for principals and provides authentication services to relying parties.

AAI Platform: an authentication/authorization infrastructure (AAI) service or service component (an identity, community, infrastructure, or local ‘proxy’) that augments, translates, or transposes authentication and authorization information, including the connected sources of access attributes, as detailed in the AARC BPA 2025 (AARC-G080).

User: an individual that primarily benefits from and uses a service.

This Guideline is accompanied by implementation recommendations and reference material. Links to these materials are provided at https://aarc-community.org/guidelines/aarc-g084/.

Security Baseline

To adhere to the Security Operational Baseline, you must:

1. comply with the Sirtfi security incident response framework, to enable structured and coordinated incident response.

2. ensure that your Users agree to an Acceptable Use Policy (AUP) or Terms of Use, and that there is a means to contact each User.

3. promptly inform Users and other affected parties if you take action to protect your Service, or the Infrastructure, by controlling access to your Service, and take such action only for administrative, operational or security purposes.

4. honour the confidentiality requirements of information gained as a result of your Service’s participation in the Infrastructure.

5. respect the legal and contractual rights of Users and others with regard to the personal data processed, and access personal data only for administrative, operational, accounting, monitoring or security purposes.

6. retain system-generated information (logs) for a minimum period of 180 days, so that a coherent and complete view of activity (the ‘who, what, where, when’ and ‘to whom’) can be reconstructed during the investigation of a security incident.

7. follow, as a minimum, generally accepted IT security best practices and governance, such as pro-actively applying secure configurations and security updates and taking appropriate action on security vulnerability notifications, and agree to participate in drills or simulation exercises that test the resilience of the Infrastructure as a whole.

8. operate services and infrastructure in a manner that is not detrimental to the security of the Infrastructure or of any of its Participants or Users.

9. collaborate in a timely fashion with others, specifically those with which you have a direct trust relationship, in the reporting and resolution of security events or incidents related to your participation in the Infrastructure and those affecting the Infrastructure as a whole.

10. honour the obligations on security collaboration and log retention (clauses 1, 6 and 9 above) for 180 days after your Service is retired from the Infrastructure, including the retention of logs when physical or virtual environments are decommissioned.

11. not hold Users or other Infrastructure participants liable for any loss or damage incurred as a result of the delivery or use of the Service in the Infrastructure, except to the extent specified by law or by any licence or service level agreement.

12. maintain agreements with the representatives of individual service components and with suppliers that ensure that engaging such parties does not result in a violation of this Security Baseline.

Membership Management Policy for <Collaboration name>

This policy is effective from <insert date>.

The current collaboration manager can be found at <insert link>.

INTRODUCTION 

This policy establishes practices that are adopted by <collaboration X> in the management of its members. Accurate management of a collaboration’s members and their authorisation attributes is fundamental to ensuring secure access control. Trust between <collaboration X>, underlying infrastructure and partner collaborations may be established by rigorous application of this policy. 

COLLABORATION MANAGER

<Collaboration X> defines a Collaboration Manager role and assigns this role to two or more individuals. The Collaboration Manager is responsible for meeting the requirements identified in this policy. This responsibility may be devolved to designated personnel in the Collaboration or in the Infrastructure, and their trusted agents (such as Institute Representatives or Resource Centre Managers).

MEMBERSHIP LIFE CYCLE REQUIREMENTS 

Membership Life Cycle: Registration

Membership Registration is the process by which an applicant joins the Collaboration and becomes a Member. Registration Data must be collected at the time of Registration, verified, and stored in compliance with the Privacy Notice [ref]. Reasonable efforts must be made to validate the data.

Membership Life Cycle: Assignment of Attributes

Assignment of attributes (such as group membership, entitlements, or roles) shall be the responsibility of the Collaboration Manager or of designated person(s).
Attributes shall be assigned only for as long as they are applicable.

Membership Life Cycle: Renewal

Membership Renewal is the process by which a User remains a Member. Renewal procedures shall
* ensure that accurate Registration Data is maintained
* confirm the continued eligibility of the User to use Resources assigned to the Collaboration
* confirm the continued eligibility of the User for any assigned attributes
* ensure the reaffirmation of acceptance of the Collaboration AUP
The maximum time span between Registration and Renewal, and between successive Renewals, shall be <INSERT RENEWAL TIMESPAN>. The User shall be able to correct and amend their Registration Data at any time.

Membership Life Cycle: Suspension

The Suspension of Collaboration membership is the temporary revocation of full or partial rights and of any attributes. Suspension is done by or on behalf of the Collaboration Manager. 
A User should be suspended when the Collaboration Manager is presented with reasonable evidence that the member’s identity or credentials have been used, with or without the user’s consent, in breach of relevant Policy.
The Collaboration Manager must act on any requests for suspension without delay.
User’s rights shall not be reinstated unless the Collaboration Manager has sent timely prior notification to all those who requested Suspension.

Membership Life Cycle: Termination

The Termination of Collaboration membership is the removal of a member from the Collaboration. Following Termination, the former member is no longer eligible to use Infrastructure Resources assigned to the Collaboration. The Collaboration must no longer assert membership or attributes for the former member.
In absence of overriding reasons, a request by the User for removal must be honoured.
Events that may trigger Termination of the User’s membership of the Collaboration include:
* failure to complete a membership Renewal process within the allotted time
* end of participation of the User in the Collaboration

REGISTRATION DATA REQUIREMENTS

The Registration data for a User comprises verified information:
* family name(s)
* given name(s)
* the employing organisation name and address
* a professional email address
* unique and non-reassigned identifier(s) of the User and the source of authority of each identifier
* <Add or delete lines as required>
and is recommended to contain:
* professional contact telephone number so as to inform the User promptly during the investigation of security incidents and of lifecycle events
* other contact information, as voluntarily provided and maintained by the User.
The types of information recorded must be listed in the Privacy Notice.

AUDIT AND TRACEABILITY REQUIREMENTS

The Collaboration records and maintains an audit log of all membership lifecycle transactions, namely:
* membership registration,
* assignment of or change to a member’s attributes,
* membership renewal,
* membership suspension,
* membership termination or re-evaluation.
This audit log is kept for a minimum period consistent with the Traceability and Logging Policies of all Infrastructures that provide resources to the Collaboration.
Each logged event should record the date and time, the originator, the details of the event, and whether or not it was approved. The identity of the person granting or refusing the request should be recorded, including any verification steps involved and other people consulted.
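The lifecycle requirements above (registration with recorded AUP acceptance, attribute assignment, renewal within a maximum timespan, suspension that withdraws attributes, reinstatement only after all requesters are notified, termination after which nothing is asserted) and this audit requirement can be expressed as a small state machine over an append-only log. The following is an added illustration, not code from the AARC template or any AARC software: an in-memory registry whose names (Registry, Member, demo), 365-day renewal span standing in for <INSERT RENEWAL TIMESPAN>, and sample identifiers are all assumptions; a real Collaboration would back this with its membership management system and its Infrastructure’s retention period.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Stands in for <INSERT RENEWAL TIMESPAN>; 365 days is an assumed value.
RENEWAL_TIMESPAN = timedelta(days=365)
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)   # fixed reference time for the constructed demo

@dataclass
class Member:
    identifier: str                 # unique, non-reassigned identifier
    last_renewal: datetime          # Registration starts the renewal clock
    status: str = "active"          # active | suspended | terminated
    attributes: set = field(default_factory=set)
    suspension_requesters: set = field(default_factory=set)

class Registry:
    def __init__(self):
        self.members = {}
        self.audit = []   # append-only: who did what, to whom, when, and was it approved

    def _log(self, now, event, originator, subject, approved=True, **details):
        self.audit.append({"time": now.isoformat(), "event": event,
                           "originator": originator, "subject": subject,
                           "approved": approved, "details": details})

    def register(self, now, identifier, aup_accepted, originator):
        # Explicit AUP acceptance is a recorded prerequisite for Registration.
        ok = aup_accepted and identifier not in self.members
        if ok:
            self.members[identifier] = Member(identifier, now)
        self._log(now, "registration", originator, identifier, approved=ok, aup_accepted=aup_accepted)
        return ok

    def assign_attribute(self, now, identifier, attribute, originator):
        m = self.members.get(identifier)
        ok = m is not None and m.status == "active"
        if ok:
            m.attributes.add(attribute)
        self._log(now, "attribute_change", originator, identifier, approved=ok, attribute=attribute)
        return ok

    def asserted_attributes(self, identifier):
        # Membership and attributes are asserted only for members in good standing.
        m = self.members.get(identifier)
        return set(m.attributes) if m is not None and m.status == "active" else set()

    def renewal_overdue(self, now, identifier):
        m = self.members.get(identifier)
        return m is not None and m.status != "terminated" and now - m.last_renewal > RENEWAL_TIMESPAN

    def renew(self, now, identifier, aup_reaffirmed, still_eligible, originator):
        m = self.members.get(identifier)
        ok = m is not None and m.status == "active" and aup_reaffirmed and still_eligible
        if ok:
            m.last_renewal = now
        self._log(now, "renewal", originator, identifier, approved=ok,
                  aup_reaffirmed=aup_reaffirmed, eligible=still_eligible)
        return ok

    def suspend(self, now, identifier, requester, originator):
        m = self.members.get(identifier)
        ok = m is not None and m.status in ("active", "suspended")
        if ok:
            m.status = "suspended"
            m.suspension_requesters.add(requester)   # each must be notified before reinstatement
        self._log(now, "suspension", originator, identifier, approved=ok, requester=requester)
        return ok

    def reinstate(self, now, identifier, notified, originator):
        m = self.members.get(identifier)
        # Rights return only once everyone who requested the Suspension has been notified.
        ok = m is not None and m.status == "suspended" and m.suspension_requesters <= set(notified)
        if ok:
            m.status = "active"
            m.suspension_requesters.clear()
        self._log(now, "reinstatement", originator, identifier, approved=ok, notified=sorted(notified))
        return ok

    def terminate(self, now, identifier, reason, originator):
        m = self.members.get(identifier)
        ok = m is not None and m.status != "terminated"
        if ok:
            m.status = "terminated"
            m.attributes.clear()   # nothing may be asserted for a former member
        self._log(now, "termination", originator, identifier, approved=ok, reason=reason)
        return ok

def demo():
    # One constructed lifecycle with sample identifiers (not real people); returns the registry.
    r = Registry()
    r.register(T0, "alice@example.org", aup_accepted=True, originator="manager")
    r.register(T0, "bob@example.org", aup_accepted=False, originator="manager")   # refused but logged
    r.assign_attribute(T0, "alice@example.org", "group:analysis", originator="manager")
    t1 = T0 + RENEWAL_TIMESPAN / 2
    r.suspend(t1, "alice@example.org", requester="csirt", originator="manager")
    r.reinstate(t1, "alice@example.org", notified=[], originator="manager")         # refused: csirt not told
    r.reinstate(t1, "alice@example.org", notified=["csirt"], originator="manager")  # approved
    return r
```

Refused requests are logged with the same fields as approved ones, which is what makes the trail usable in an incident: an investigator can see who asked for a suspension, when rights were restored, and that the AUP was accepted at registration. A deployment would also need to retain `audit` for the period the Infrastructure’s Traceability and Logging Policies require.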

ACCEPTABLE USE POLICY REQUIREMENTS

Collaboration X defines an Acceptable Use Policy (AUP) [ref]. The AUP must be shown to all persons joining the Collaboration. Acceptance of the AUP by Collaboration members who act as responsible persons towards the Infrastructure must be an explicit action, must be recorded, and must be a prerequisite for registration in the Collaboration [ref]. The AUP should provide awareness on inappropriate actions by individual users that may affect the ability of other members to use an infrastructure.

Attribution