SLATE Edge Administrator Obligations
| Version | Description | Date |
|---|---|---|
| 1.0 | Initial Version | September 25, 2020 |
In order to safely operate the SLATE Platform, the SLATE Platform Administrators require that SLATE Edge Administrators agree to the following:
- Keep their contact information, including security contact information, entered in the SLATE Platform, and the contact information for any groups they create, up to date.
- Perform the following in alignment with the edge site’s policies:
  - Patch critical operating system vulnerabilities.
  - Protect information systems they administer from intrusions using best practices and tools.
  - Produce and retain logs appropriate for traceability of service administration and usage sufficient to be able to answer the basic questions – who? what? where? when? and how? concerning a security incident, and document the configuration of the logging mechanisms that produce this information.
- Apply updates to SLATE components, Kubernetes, their chosen container runtime, etc. if these are indicated by the SLATE Platform Administrators to be necessary for reliable and secure operation.
- Collaborate in the event of an incident with the SLATE Platform Administrators and other organizations participating in the SLATE Platform as needed.
  - Information shared between collaborators for security incidents will be handled according to the Traffic Light Protocol (TLP, https://www.first.org/tlp/).
The SLATE Platform Administrators may remove edge clusters out of urgent concern for the security or interoperability of the overall platform.
To support Edge Administrators’ observance of these obligations, the SLATE Platform Administrators will:
- Notify SLATE Edge Administrators of vulnerabilities contained within the SLATE software.
- Maintain documentation of software versions supported in the SLATE federation (e.g. of Kubernetes).
- Notify Edge Administrators at least one month in advance of any change to the set of supported software versions which would require Edge Administrators to install upgraded software to remain compatible with the federation.
- Annually test the list of Edge Administrator and security contacts.
The SLATE Platform Administrators will additionally proffer, on a best-effort basis, notifications of misconfigurations or vulnerabilities in container orchestration (Kubernetes) and container runtime software (Docker, Podman, Singularity) used by the SLATE platform.
This document is a policy of the SLATE (Services Layer at the Edge) project, supported by the National Science Foundation Office of Advanced Cyberinfrastructure: “CIF21 DIBBs: EI: SLATE and the Mobility of Capability”, award number OAC-1724821.