Trust and Internet Identity Meeting Europe
2013 - 2020: Workshops and Unconference

Crisis simulation for eduGAIN

(Hannah Short)

Discussions at REFEDS and TechEx indicate support for holding a large scale crisis simulation for the eduGAIN Community. We plan to hold one within the next 2 years - this session is to share ideas and collect input.

We need to get enough people involved and the question is: do we need to do this on eduGAIN level or do we have to rely on federation institute? Having federation aspect would be useful.

For the crisis simulation, people should be put to the high-pressure environment (the network goes down, police get involved and that sort of thing). We have not done something like that in federation context.

Speaking about the people, they should not be excluded from the event because of the inability to pay to come to the event. So we should do more on-line activity, maybe through phoning people. So how should we get people into this simulation? Would getting people purely online make some sense?

A: Advance of doing it online is we can simulate what would actually happen, but things would take longer because some people would not be able to answer immediately. Doing something face to face with fewer people is better to start off with something.nAlso when doing it face to face has the advantage that people are focusing better on that thing.

Q: What are our initial objectives? A: To train people…

Important thing is to think about how many roles are we talking about We want people to play their actual role. Also, people operating IDP would probably be unwilling to go get their CEO to participate in some little simulation for eduGAIN.

If you are working in person it is faster and online because the response times are longer. We need to test awareness so that we ask any one of a 100 security groups. But the natural reaction is just to ignore it, so the question is if we get reactions. We maybe need federations to do that.

If we as people organizing it ask “hey federations, would you be willing that some members of your federation participate in this event?” and if some federations are willing to engage, then they can advertise it.

We did a bit of brainstorming about possible scenarios TNC… Maybe some critical key is compromised or some critical service goes down or there is a problem that everybody ends up having the same identity.

What it means to have compromised accounts. Participants enjoy these tests. You have got to make it fun. The realistic scenario would be the vulnerability of a key piece of software. Most of the people have zero experience with this.

There is also a communication challenge. We can send a number of emails and wait for the answers. The proposed time when this is going to happen. Many federations do this twice a year.

April 2020 should be test 1. (a year from the training for trainers last year in London).

Do you want to engage with other groups to help and get help? At the TechEx unconference session, we said all help is welcome.

Federations could be more open.

Plan how to do it? Whom we need to talk to? For example, what is the federation name in Romania. In Serbia it is also a problem. What is the right entity to ask? Should it be voluntary or ..?

Q: Is it worth to do thank you talk at TFC? To say thank you for doing this? A: Yes