Sirtfi
David Kelsey (STFC-RAL)
REFEDS at TNC15
14 June 2015
Sirtfi?
A Security Incident Response Trust Framework for Federated Identity
Abstract
• This document identifies practices and attributes of organizations that may facilitate their participation in a trust framework called Sirtfi purposed to enable coordination of security incident response across federated organizations
Audience
• This document is intended for use by the personnel responsible for operational security at Identity Providers and Service Providers, and by Federation Operators who may facilitate its adoption by their member organizations
14 June 15 Sirtfi at REFEDS, Kelsey 2
Sirtfi (2)
Sirtfi trust framework aims
• to enable a coordinated response to a security incident in a federated context
• does not depend on a centralised authority or governance structure to assign roles and responsibilities
• The document defines a set of capabilities and roles associated with security incident response that an IdP or SP organisation self-asserts
• The Sirtfi trust framework posits that organisations asserting conformance with these will coordinate their response to security incidents using processes to be defined elsewhere
Sirtfi – since TechX
• Meeting after Internet2/Esnet TechX (Oct 2014)
• A video meeting – 29th Jan 2015
• Doc moved to Google Docs and simplified
• Document still evolving (now V1.8)
  – Make public once we have a reasonable first draft
• Still unresolved matter
  – When/how/must IdPs and SPs notify each other?
• Not so much recent activity – waiting for AARC
Coordinated activities
• REF 15-4D REFEDS Incident Response Framework WG
  – Charter/Strategy being worked on (Licia et al)
• REF 15-6D - SIRTFI itself
• EU H2020 AARC
  – NA3 Task 2 – Incident Response (CERN, Romain Wartel)
• Split of work still to be agreed
• And relation to other activities?
  – E.g. Shared Signals and the Confyrm Event Warning Services
Possible next steps
• Finalize V1 of the Sirtfi document
• Define how an organization can adopt Sirtfi
• Explore ways to implement the framework by use of entity category or trust marks:
  – Entity category approach?
  – Or as an assurance profile?
• Guidelines for security contact information in metadata
• Workflow to initiate response to a security incident
• Test with limited number of IdPs/SPs
• Feedback will be important – from REFEDS and FIM4R
More information
• Mail list – [email protected]
• wiki https://wiki.refeds.org/display/GROUPS/SIRTFI
• Latest draft Sirtfi document (V1.8) http://goo.gl/2xnf2G
Questions?