...
- VMs
- Service Monitoring
- Backup/restore/archiving - data retention (ties into GDPR)
- Source code repositories (non-public and public)
- PKI:
- Strategy
- certbot
- tcsTCS
- edpki caeduPKI CA
- let'sRadsec <= very eduroam specific? i.e. s
- cab forum (related, maybe come down to lobby work?)
- Certificate transparencyTransparency
- Security Operations Centre (SOC) - in edugain ops in whitepaper
- FirstLevelSupport FLS (service desk)
WHAT
PKI:
- Develop a PKI strategy for GN4 that will somehow put the PKI related GN services (such as TCS, eduPKI (knowledge center & CA), let'sRadSec, certbot, Certificate Transparency efforts and potential lobbying work at fora and organisation) into perspective. Shaping the services.
- Develop and enhance tools and services (like certbot, let'sRadSec, TCS and eduPKI CA) to ease and broaden the use of PKI within the GN world.
- certbot should be able to be used by server admins of standard web-servers and RadSec-servers to request and deploy certificates from ACMEv2 compatible CAs, like from TCS and eduPKI CA
- Research how certbot can be fit into an Organisation Validated (OV) certificate issuing environment like it is currently for TCS & eduPKI
- implement changes to certbot and/or a server component to connect to eduPKI CA's SOAP-API, for use with Let'sRadSec.
- Providing independent services to strengthen the trust into public web-PKI and NREN / GN internal PKI by making the used PKI more transparent.
- Providing certificate services that are based on GN/NREN requirements but independent from PKI developments outside of control GN and NRENs → "internal PKI"
- Lobbying for GN/NREN specifics as an interested 3rd party at CA/Browser Forum. Though it's currently unclear what the goal or expected outcome of such task is. Except for the goal to research how GN participation could be possible in the forum and what it's possible impact could be.
HOW/WHEN
tbd
Post-Its:
AAI Pilots also need PROD stuff like securing, monitoring, policy
...