WHY
Projects have a lot of similar requirements.
By centrally providing these as "building blocks", projects do not have to do this themselves and can focus on the service.
Already existing building blocks should be better "marketed".
This would improve efficiency.
By unifying policies across and between different service operators, it would be easier to relocate services.
SCOPE
- VMs
- Service Monitoring
- Backup/restore/archiving - data retention (ties into GDPR)
- Source code repositories (non-public and public)
- PKI:
- Strategy
- certbot
- tcs
- edpki ca
- let'sRadsec <= very eduroam specific? i.e. s
- cab forum (related, mayb come down to lobby work?)
- Certificate transparency
- Security Operations Centre (SOC)
- FLS (service desk)
WHAT
tbd
HOW/WHEN
tbd
Post-Its:
AAI Pilots also need PROD stuff like securing, monitoring, policy
Certificate Transparency → Security: No it is immediately related to X.509 SSL certificates
eduPKI → change to internal service
PKI work needs revisions (eduPKO, CT, certbot, Let'sRadSec)