- remote Authentication/Authorization providers [RAP]
- definition: AAI-like service providers that a DESY service trusts for validation of remote users or services for granting access to resources
- e.g., AAI, token clients/endpoints
- security incidents at RAPs or their downstream institutions have to be communicated to DESY service operators without culpable delay, and within four hours during workdays
- a RAP has to provide a contact address or ticket system entry point
- if a RAP's downstream institution is compromised, the RAP is assumed to be compromised
- if a RAP is compromised or a RAP's downstream institution is compromised, the RAP is excluded and further access is denied for all clients with credentials derived from the RAP
- a RAP excluded due to compromised security of itself or a downstream institution is trusted and accepted again for authentication or authorization after the affected RAP has sent DESY service operators an acknowledgment that the security incident has been resolved.