WHY
Projects have a lot of similar requirements.
By centrally providing these as "building blocks", projects do not have to do this themselves and can focus on the service.
Already existing building blocks should be better "marketed".
This would improve efficiency.
By unifying policies across and between different service operators, it would be easier to relocate services.
SCOPE
- VMs
- Service Monitoring
- Backup/restore/archiving - data retention (ties into GDPR)
- Source code repositories (non-public and public)
- PKI:
  - Strategy
  - certbot
  - TCS
  - eduPKI CA
  - let'sRadSec <= very eduroam specific? i.e. s
  - CA/Browser Forum (related, may come down to lobbying work?)
  - Certificate Transparency
- Security Operations Centre (SOC)
- FLS (service desk)
WHAT
PKI:
- Develop a PKI strategy for GN4 that puts the PKI-related GN services (such as TCS, eduPKI (knowledge center & CA), let'sRadSec, certbot, Certificate Transparency efforts and potential lobbying work at fora and organisations) into perspective and shapes those services.
- Develop and enhance tools and services (like certbot, let'sRadSec, TCS and eduPKI CA) to ease and broaden the use of PKI within the GN world.
- Provide independent services that strengthen trust in the public web PKI and in NREN / GN internal PKI by making the PKI in use more transparent.
- Provide certificate services that are based on GN/NREN requirements but independent of PKI developments outside the control of GN and the NRENs → "internal PKI"
- Lobbying for GN/NREN specifics as an interested 3rd party at CA/Browser Forum
HOW/WHEN
tbd
Post-Its:
AAI Pilots also need PROD stuff like securing, monitoring, policy
Certificate Transparency → Security: No, it is immediately related to X.509 SSL certificates
eduPKI → change to internal service
PKI work needs revisions (eduPKI, CT, certbot, let'sRadSec)