As a major, global and identity federation service, security is at the very foundation of the trust model supporting eduGAIN and its participants.

Operational Security and Incident Response

eduGAIN has a small, dedicated Security Team to manage its security operations and incident response at the inter-federation level providing a unique point of coordination.

Constituency

The eduGAIN Security Team closely collaborates with the Identity Federations’ security operators and the National Research and Education Network CSIRTs and CERTs in eduGAIN to ensures that all security incidents are investigated as fully as possible.

As such, Sirtfi, the Security Incident Response Trust Framework for Federated Identity is a crucial building block in order to assist the participants through their federations in all operational security activities.

External collaborations

The eduGAIN Security Team values collaborations and international cooperation as key assets, and is both highly connected and largely overlapping with e-infrastructures, for instance represented in WISE, and international scientific user communities.

The eduGAIN Security Team seeks to engage with external entities on incident response, in order to protect affected organisations, identities and individuals.  Joining forces and information sharing are essential in order to tackle global threats.

For computer security emergencies or in case a security incident is suspected:
Contact the eduGAIN Security Team: abuse@edugain.org
<eduGAIN Security Team PGP key file>
PGP key fingerprint: F9FF B82B 9700 72D1 F753 25CF 5E3C 31D7 CE43 BCB8

eduGAIN participants: please follow the Security Incident Response Procedure for Federation Participants