You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Draft available at https://docs.google.com/document/d/176vzNaoK6KvKTMp8Glk2n1NaM6bxiS1QqH8M3_mu7NI/edit# 


Objective 

Provide new or evolving Research Communities  and Infrastructures with the guidance they need to develop a complete policy suite supporting Federated Identity Management

Audience 

Operational Management of Research Communities and their respective infrastructures

Process

  1. Identify Policies Required for Compliance with Snctfi
  2. Identify Example Policies from other infrastructures to serve as inspiration
  3. Produce a training module to enable Research Communities to have a basic starter pack for policies
    1. Encourage RCs to make policy decisions (e.g. log retention, minimum assurance etc)
    2. Translate those decisions into policy templates

Pre-Requisites

  1. Stable DP CoCo Version
  2. Aligned AUP AARC Deliverable

Which policies do we need?

Policy NeedSourceTemplate BasisCommentNameWhat should we produce?
Incident Response ProcedureSirtfiEGI Incident Response, should link to Sirtfi, AARC work
Incident Response ProcedureTemplate
Policy on authentication, authorisation, access control, physical and network security, security vulnerability handling and security incident handling for all ConstituentsSnctfiEGI Operational Security PolicyTop level policy that covers physical and network security, vulnerability handling and refers to additional policies on Acceptable Assurance, Incident Response Procedure, Membership managementTop Level PolicyTemplate
AUP for end usersSnctfiAARC Unified AUPEGI seems to have 2 AUPS, Infrastructure and User CommunityInfrastructure AUPTemplate

Policies and procedures regulating the behaviour of the management of the Collection of users 

SnctfiEGI Membership Management
Membership ManagementTemplate
Collections of users aims and purposesSnctfi
Where does this go?

Data Protection Policy, e.g. DP CoCov2

SnctfiCoCo
Data Protection Code of ConductFramework description

Privacy Policy 

CoCoAARC Template
Privacy PolicyTemplate
Policy on eligibility to use the infrastructure (i.e. services)Elixir
Similar to EGI Service Operations, there is some overlap with the Top Level PolicyService EligibilityTemplate
Risk Assessment??????????


Example Policy Sets




Differences with EGI Policies?

  • Cannot assume a CSIRT for each Infrastructure
  • Assume there is one AUP
  • Resource Centres are not relevant
  • There are not necessarily multiple User Communities



  • No labels