Document structure
OT tasks
Management of core eduGAIN services
Supervision of eduGAIN joining process
Management or supervision of supplementary eduGAIN services
OT procedures
members registering or changing information
introduction of new eduGAIN metadata requirements
introduction of new good practices for metadata
handling of system alerts
system updates
software development, testing and production implementation
backup
monitoring
Core services
Suplementarny services
Service Order
Problem resolution
Configuration change
System update
Backup
Disaster recovery
information type | registration level | security level |
---|---|---|
federation delegate to eduGAIN SG | eduGAIN | S |
federation delegate deputy to eduGAIN SG | eduGAIN | S |
federation page URL | eduGAIN | 1 |
federation mail contact | eduGAIN | 2 |
federation SAML policy URL | SAML | 1 |
registration practice statement URL | SAML | 1 |
federation SAML metadata aggregate access URL | SAML | 3 |
federation metadata signing key | SAML | 4 |
registrationAuthority attribute value | SAML | 3 |
Federation delegate and deputy are the only federation representatives authorized to submit information, therefore their identity needs to be established in a trusted way, this is however part of the global eduGAIN trust model, not specific to the SAML prifile.
security level | description |
---|---|
S | special - delegating representatives requires contact with the federation management |
1 | informational, not requiring special vetting |
2 | important contact information |
3 | information of eduGAIN operational relevance, requires special care |
4 | crucial for eduGAIN trust, requires utmost care |
The eduGAIN database is central to all eduGAIN core services. The database stores:
The database is placed on a host separated from the external network, accessible only trough a limited numbers of secure hosts. Database access is realised via dedicated user accounts with access right crafted to minimize the possibility of unauthorized changes.
The database is managed mostly via a web interface secured with access passwords. Modification of data on security levels S, 1, 2 can be done without any additional protection. Management of data with security level 3 is protected with on-time passwords mailed to an external mail account of the managing administrator. Management of data with security level 4 requires direct access to the database host.
Core Services
Supplementary services
All eduGAIN core service hosts are
Custom eduGAIN software
The security of the eduGAIN SAML services is essentially the security of the eduGAIN aggregate. This in turn depends on:
Risk analysis
The most likely event