Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What is your security incident response policy or procedure to enable coordinated response across federation members?


OrganisationFederationAnswers
AAF - Australian Access FederationAustralian Access Federation (AAF)Currently under development
AAI@EduHrAAI@EduHrupon incident AAI@EduHr team coordinates activity with CERT team(s)
ACOneteduID.atNone so far
iAMRES  
ARNESArnesAAI Slovenska izobraževalno raziskovalna federacijaWe use federation mailing list and customer portal to coordinate if a coordinated resposne is needed.
Belnet  
CANARIECanadian Access FederationContact tickets@canarie.ca with request to create a ticket and commence processing the request.
CESNETeduID.czWe have CESNET-CERTS team and a mailing list where all IdP/SP admins are reachable.
DFNDFN-AAIdedicated mailing lists, ticket system
EENetTAAT 
FunetHakaFederation helpdesk initiated
GARRIDEMIdPs and SPs must keep log files for a minimum of six months. Members are expected to investigate and resolve security problems, in collaboration with IDEM and GARR-CERT.
HEAnetEdugatenone
Internet2InCommonNone
Janet (UK)UK Access Management FederationNot formalised.
KREONETKREONET Access FederationWe don't have yet.
LITNETLITNET FEDIall security incidents have to be reported to incident response team LITNET CERT
NIIGakuNinNot clearly defined yet
NIIF/HUNGARNETHREF / eduID.hu; not a formal body, thus no formal namebest effort
RedIRISSIRNone yet
RENATERFederation Education RechercheOur CERT + best effort of the federation team
REUNACOFReEmail contact
RNPComunidade Acadêmica Federada (CAFe)Vulnerability analysis and update patches.
SUNETSWAMIDWe have mailing lists to reach out to IdP:s. We also have a contact list for SP:s
SURFnetSURFconextAlert mailing-list, blocking SPs or/and IdPs when there is a high risk security incident.
SWITCHSWITCHaaiNo formalized policy or procedure yet.
UNINETTFeideHandled through UNINETT CERT

 

 What are your drivers and concerns regarding eduGAIN?

 

Organisation Federation
AnswersHow to Address?
AAF - Australian Access FederationAustralian Access Federation (AAF)Identities beyond the AAF Boarders, Research Services, Lack of a support model 
AAI@EduHrAAI@EduHrlow interest of SPs More central communication with SPs?
ACOneteduID.atConvincing institutions to adopt Entity Categories, separating metadata availability from attribute release (IDPs) and access control (SPs)Attribute release / entity categories work
AMRESiAMRES  
ARNESArnesAAI Slovenska izobraževalno raziskovalna federacijaMissing list of interesting applications that could be used to endorse eduGAIN for our organizations.More central communication with SPs?
BELNETBelnet R&E FederationNeed a clear repository of the SP's offers (content, target public, etc.) 
CANARIECanadian Access FederationClarity around how to describe 'equivalence' of entities in eduGAIN to our communityPushing standardisation of MRPS
CESNETeduID.czWe are concerned about released attributes, but that could be solved by R&E entity category as we hope.Attribute release / entity categories work
DFNDFN-AAIscalability (number of entites in downstream metadata) 
EENetTAAT  
FunetHakaHome organisations haven't yet had need to export their IdP to eduGain due to small amount of SPs. Users don't yet have real use cases for international federated log in. Adoption from big international SP would help (e.g. Kivuto OnTheHub, which is basically Microsoft Webshop)More central communication with SPs?
GARRIDEMDrivers: IdP opt-out. Concerns: also if metadata are in place on both sides, this is not enough to make the service workingAddressing inconsistent metadata management practices
HEAnetEdugatetest and private entities bloating eduGAIN metadata, we've had to increase memory allocations in Shibb IdP on a number of occasions (2.5GB but this may not be enough) Encouraging sensible opt-out for entities. 
Internet2InCommonInterfederation via eduGAIN is our highest priority 
Janet (UK)UK Access Management FederationStability of MDS and adherence to SAML standards. 
KREONETKREONET Access Federationdriver: increasing KREONET uptake, issue: Korean government's security policy 
LITNETLITNET FEDI- 
NIIGakuNinConsistency of policy, no details on the provider listPushing standardisation of MRPS, More central communication with SPs?
NIIF / HUNGARNETHREF / eduID.hu; not a formal body, thus no formal name
RedIRISSIRAttribute set used by IdPs is minimum. A conversion from PAPI two SAML2int have to be done.Attribute release / entity categories work
RENATERFederation Education RechercheWe would like to get a benchmark of SP enrollment practices in the different federationsMRPS and see work on REFEDS wiki
REUNACOFReeduGAIN member 
RNPComunidade Acadêmica Federada (CAFe)We are integrated into eduGAIN using and disseminating various services (SP's) for IdP's of CAFe. Furthermore, we would like to include a service provider in eduGAIN and help develop the international code of   conduct.ICoCo
SUNETSWAMIDWe have opt out for IdPs and recommend all IdPs to be present in edugain.Standardising for opt-out for IdPs
SURFnetSURFconext1. We have extensive documentation on edugain available for our federation members.
2. We use a hybrid architecture for eduGAIN. Dutch SP's should connect in mesh to non-SURFconext IdP's and they are not used to this.
3. We have strict policies for our (commercial) SP's and Code of Conduct is less strict. We don't know yet how we can have both policies within one federation.
4. We encourage our IdP's to be part of eduGAIN, but we don't push them.
5. We think it is a problem that eduGAIN IdPs are listed in all WAYFs of eduGAIN SPs and get access denied at 99% of them.
Need to understand and explore point 3 with Surfnet. 
SWITCHSWITCHaaiSPs of interest to our community slowly start driving the interest. Interoperability issues due to misconfigured entities (SP listed in eduGAIN but not consuming metadata or SP not in eduGAIN but listing interfered IdPs in discovery)  
UNINETTFeideAttribute release policies, opt-in model making it difficult for SPs to get noticed.