Sirtfi

David Kelsey (STFC-RAL)REFEDS at TNC15

14 June 2015

Sirtfi?A Security Incident Response Trust Framework for Federated Identity Abstract • This document identifies practices and attributes of

organizations that may facilitate their participation in a trust framework called Sirtfi purposed to enable coordination of security incident response across federated organizations

Audience • This document is intended for use by the personnel

responsible for operational security at Identity Providers and Service Providers, and by Federation Operators who may facilitate its adoption by their member organizations

14 June 15 Sirtfi at REFEDS, Kelsey 2

Sirtfi (2)Sirtfi trust framework aims• to enable a coordinated response to a security incident

in a federated context• does not depend on a centralised authority or

governance structure to assign roles and responsibilities• The document defines a set of capabilities and roles

associated with security incident response that an IdP or SP organisation self-asserts

• The Sirtfi trust framework posits that organisations asserting conformance with these will coordinate their response to security incidents using processes to be defined elsewhere

14 June 15 Sirtfi at REFEDS, Kelsey 3

Sirtfi – since TechX• Meeting after Internet2/Esnet TechX (Oct 2014)• A video meeting – 29th Jan 2015 • Doc moved to Google Docs and simplified• Document still evolving (now V1.8)

– Make public once we have a reasonable first draft• Still unresolved matter

– When/how/must IdPs and SPs notify each other?• Not so much recent activity – waiting for AARC

14 June 15 Sirtfi at REFEDS, Kelsey 4

Coordinated activities• REF 15-4D REFEDS Incident Response

Framework WG– Charter/Strategy being worked on (Licia et al)

• REF 15-6D - SIRTFI itself• EU H2020 AARC

– NA3 Task 2 – Incident Response (CERN, Romain Wartel)

• Split of work still to be agreed• And relation to other activities?

– E.g. Shared Signals and the Confyrm Event Warning Services

14 June 15 Sirtfi at REFEDS, Kelsey 5

Possible next steps• Finalize V1 of the Sirtfi document• Define how an organization can adopt Sirtfi • Explore ways to implement the framework by use of

entity category or trust marks:– Entity category approach?– Or as an assurance profile?

• Guidelines for security contact information in metadata• Workflow to initiate response to a security incident• Test with limited number of IdPs/SPs• Feedback will be important – from REFEDS and FIM4R

14 June 15 Sirtfi at REFEDS, Kelsey 6

More information

• Mail list – sirtfi@terena.org• wikihttps://wiki.refeds.org/display/GROUPS/SIRTFI

• Latest draft Sirtfi document (V1.8)http://goo.gl/2xnf2G

14 June 15 Sirtfi at REFEDS, Kelsey 7

Questions?

14 June 15 Sirtfi at REFEDS, Kelsey 8