WHY
Projects have a lot of similar requirements.
By centrally providing these as "building blocks", projects do not have to do this themselves.
ALready existing building blocks should be better "marketed".
This would improve efficiency.
It will also unify policies across and between different service operators within the project.
This in turn will make it easier to relocate services.
SCOPE
- VMs
- Service Monitoring
- Backup/restore/archiving - data retention (ties into GDPR)
- Git repos (non-public and public)
- PKI:
- Strategy
- certbot
- tcs
- edpki ca
- let'sRadsec <= very eduroam specific? i.e. s
- cab forum (related, mayb come down to lobby work?)
- Certificate transparency
- Security Operations Centre (SOC)
- FLS (service desk)
WHAT
tbd
HOW/WHEN
tbd
Post-Its:
AAI Pilots also need PROD stuff like securing, monitoring, policy
Certificate Transparency → Security: No it is immediately related to X.509 SSL certificates
eduPKI → change to internal service
PKI work needs revisions (eduPKO, CT, certbot, Let'sRadSec)