Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Published byBaldwin Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015."— Presentation transcript:

1 Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015

2 Sirtfi? A Security Incident Response Trust Framework for Federated Identity Abstract This document identifies practices and attributes of organizations that may facilitate their participation in a trust framework called Sirtfi purposed to enable coordination of security incident response across federated organizations Audience This document is intended for use by the personnel responsible for operational security at Identity Providers and Service Providers, and by Federation Operators who may facilitate its adoption by their member organizations 14 June 15Sirtfi at REFEDS, Kelsey2

3 Sirtfi (2) Sirtfi trust framework aims to enable a coordinated response to a security incident in a federated context does not depend on a centralised authority or governance structure to assign roles and responsibilities The document defines a set of capabilities and roles associated with security incident response that an IdP or SP organisation self-asserts The Sirtfi trust framework posits that organisations asserting conformance with these will coordinate their response to security incidents using processes to be defined elsewhere 14 June 15Sirtfi at REFEDS, Kelsey3

4 Sirtfi – since TechX Meeting after Internet2/Esnet TechX (Oct 2014) A video meeting – 29 th Jan 2015 Doc moved to Google Docs and simplified Document still evolving (now V1.8) –Make public once we have a reasonable first draft Still unresolved matter –When/how/must IdPs and SPs notify each other? Not so much recent activity – waiting for AARC 14 June 15Sirtfi at REFEDS, Kelsey4

5 Coordinated activities REF 15-4D REFEDS Incident Response Framework WG –Charter/Strategy being worked on (Licia et al) REF 15-6D - SIRTFI itself EU H2020 AARC –NA3 Task 2 – Incident Response (CERN, Romain Wartel) Split of work still to be agreed And relation to other activities? –E.g. Shared Signals and the Confyrm Event Warning Services 14 June 15Sirtfi at REFEDS, Kelsey5

6 Possible next steps Finalize V1 of the Sirtfi document Define how an organization can adopt Sirtfi Explore ways to implement the framework by use of entity category or trust marks: –Entity category approach? –Or as an assurance profile? Guidelines for security contact information in metadata Workflow to initiate response to a security incident Test with limited number of IdPs/SPs Feedback will be important – from REFEDS and FIM4R 14 June 15Sirtfi at REFEDS, Kelsey6

7 More information Mail list – sirtfi@terena.orgsirtfi@terena.org wiki https://wiki.refeds.org/display/GROUPS/SIRTFI Latest draft Sirtfi document (V1.8) http://goo.gl/2xnf2G 14 June 15Sirtfi at REFEDS, Kelsey7

8 Questions? 14 June 15Sirtfi at REFEDS, Kelsey8

Download ppt "Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015."

Similar presentations

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
SAML Right Here, Right Now Hal Lockhart September 25, 2012.

SAML Right Here, Right Now Hal Lockhart September 25, 2012.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.

Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
7 th FIM 4 R meeting 23-24 April 2014 ESRIN Frascati.

7 th FIM 4 R meeting April 2014 ESRIN Frascati.
GFIPM FICAM Status Update GFIPM Delivery Team Meeting November 2011.

GFIPM FICAM Status Update GFIPM Delivery Team Meeting November 2011.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.

INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]

AuEduPerson Schema Schema Derived from: - eduPerson - person [RFC 4517, RFC 4519] - organizationalPerson [RFC 4517, RFC 4519] - inetOrgPerson [RFC 2798]
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.

Similar presentations

Ads by Google