You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Introduction

Goal of this challenge is to assess the communication infrastructure available to the eduGAIN security team. In this first round the contact addresses of Participants (see below) were tested. The security contacts email addresses were retrieved from the eduGAIN Database using the APIs published on the technical site. (NOTE: DOES THIS NEED SOME MORE INFO? URLS?)

Participants

In the eduGAIN CommsChallenge2020-12 the following eduGAIN participants were challenged:

AAF, AAI-EDUHR, ACONET, AZSCINET, CAF, CYNET-IF, DFN-AAI, EDUID-CZ, FENIX, GRNET, HAKA, IDEM, INCOMMON, LEAF, LITNET-FEDI, LK-LIAF, PIONIER-ID, RIF, ROEDUNETID, SAFIRE, SIR, SURFCONEXT, SWAMID, SWITCHAAI, TAAT, TUAKIRI, UK-FEDERATION, WAYF


What was assessed

Besides the validity of the available contact addresses also the reaction time was measured. This information was collected to be used as input for a later discussion on response times .  The community would need to define target reaction times, which are regarded to be useful to be used in security incident coordination situations.


Validity of the contact addresses

Assuming that all contacted participants received the challenge mail and  understood what action was expected from them we have a 86% success rate, in absolute numbers, 24 participants out of 28 have reacted.

Reaction times

The graph above shows that the all reactions were recorded within 10h the majority within approx 2h. Given that almost all time zones were covered in this global exercise the reaction times are very good and indicate that the security contact adresses of the participants are alo monitored during out-of-office hours.


Follow Up

The participants that have not reacted to the challenge mail will get contacted via alternative channels and a solution for the communication issues will be implemented, and tested.

  • No labels