Introduction
Goal of this challenge is to assess the communication infrastructure available to the eduGAIN security team. In this first round the contact addresses of Participants (see below) were tested. The security contacts email addresses were retrieved from the eduGAIN Database using the APIs published on the technical site. (NOTE: DOES THIS NEED SOME MORE INFO? URLS?)
Participants
In the eduGAIN CommsChallenge2020-12 the following eduGAIN participants were challenged:
AAF, AAI-EDUHR, ACONET, AZSCINET, CAF, CYNET-IF, DFN-AAI, EDUID-CZ, FENIX, GRNET, HAKA, IDEM, INCOMMON, LEAF, LITNET-FEDI, LK-LIAF, PIONIER-ID, RIF, ROEDUNETID, SAFIRE, SIR, SURFCONEXT, SWAMID, SWITCHAAI, TAAT, TUAKIRI, UK-FEDERATION, WAYF
What was assessed
Besides the validity of the available contact addresses also the reaction time was measured. This information was collected to be used as input for a later discussion on response times . The community would need to define target reaction times, which are regarded to be useful to be used in security incident coordination situations.
Validity of the contact addresses
Assuming that all contacted participants received the challenge mail and understood what action was expected from them we have a 86% success rate, in absolute numbers, 24 participants out of 28 have reacted.
Reaction times
The graph above shows that the all reactions were recorded within 10h the majority within approx 2h. Given that almost all time zones were covered in this global exercise the reaction times are very good and indicate that the security contact adresses of the participants are alo monitored during out-of-office hours.