
The SIRTFI group is looking at processes for expressing security incident handling requirements as an assurance profile for federations and other requirements needed to effectively deploy and enhance incident response processes for FIM.  This wiki page details information relating to that work. 

The work of this group has been divided into three main phases:

Phase | Description | Work Items | Status
Phase 1

Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance.

This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined.  Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment.

  • Draft SIRTFI document for consultation.
  • Consultation to support development of public v1.0.
  • Decide whether IdP notification of compromised account belongs in v1.0 or will be slated for v2.0 in alignment with Phase 3 work.
  • Propose / finalise entity metadata schema for security contacts.
  • Propose / finalise entity attribute profile to signify adherence with Sirtfi public v1.0.

COMPLETE

SIRTFI Consultation: Framework

Sirtfi v1.0 approved by the REFEDS steering committee and published.

Metadata extensions confirmed: Guide for Federation Participants

Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml

Phase 2

Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework and how they can be contacted to initiate coordinated response to a federated security incident.

  • Produce educational and communication materials for REFEDS to promulgate to member R&E federations.
  • Promulgate educational and communication materials to help R&E federations to promote and support Sirtfi public v1.0 adoption.
  • Test incident response process and use of security contact metadata in simulated activity.
  • Implement processes by which to maintain and broadcast security contact information and Sirtfi trust framework adherence, outside standard federation metadata publication mechanisms.
  • Establish communication channels for security information exchange and incident report sharing.
  • Define incident response procedures for federations, including communication templates, and support the community in their adoption.
  • Implement metadata extension for security contact information.
  • Implement metadata profile to signify Sirtfi public v1.0 adherence.

STARTED

Will follow phase 1. Some work incorporated into AARC2 work plan.

Homepage: https://refeds.org/sirtfi

Metadata Guide for Federation Participants

GN4-2 will support tools for maintaining security contacts and monitoring adherence

Moodle training course for Sirtfi under AARC

Phase 3

Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation.

  • Analyse suitability of existing identity event notification solutions to R&E federations.
  • Define and set up means for IdP organizations to issue events related to account compromises.
  • Develop tools to help IdPs identify accounts that have been used to access SPs that have registered themselves as being at-risk.
  • Define Sirtfi version 2 to include the requirement to notify affected participating organisations of security incidents.

PENDING

Will follow phase 2. Work incorporated into AARC2 work plan.

 

Group Tools:

Mailing list archive: https://www.terena.org/mail-archives/sirtfi/threads.html (has been migrated to https://lists.refeds.org/sympa/info/sirtfi). Join the SIRTFI list at: https://lists.refeds.org/sympa/info/sirtfi.

Technical Training Wiki: SIRTFI Home 

Security Contact Metadata Extension: Security Contact Metadata Extension Schema 

Sirtfi Home Page (Public Facing): https://refeds.org/sirtfi  

Group Documents:

Presentations:

SIRTFI has been presented at the following events:

Face to Face Meetings:

  • 8th June 2014 in Amsterdam, Netherlands.  
  • Morning of 31st October 2014 in Indianapolis, Indiana.
  • 17 June 2015, informal gathering during TNC 2015
  • 6 October 2015, informal gathering during TechEx
  • 28 September 2016, ACAMP Session 
  • 22nd February 2017, TIIME Workshop Session

Virtual Meetings:

Calendar:


Training Material/Outreach Inventory:

| Material | Audience | Format | Link |
|---|---|---|---|
| Benefits of Sirtfi | All | PDF | https://refeds.org/wp-content/uploads/2016/02/Why_Sirtfi.pdf |
| Technical changes | Fed Ops | Wiki | Guide for Federation Operators |
| Outreach Package | Fed Ops | Wiki | Guide for Federation Operators#SampleOutreachLetterforFederationParticipants |
| Steps to follow | Entities | Web Page | Guide for Federation Participants |
| FAQs | Entities | Web Page | General: https://refeds.org/sirtfi/sirtfi-faqs; Technical: FAQs |
| Logo (to act as a trust mark on compliant sites) | Entities | Image | |
| Sirtfi Framework Doc | All | PDF on Web Page | https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf |
| Summary poster | All | Poster | TNC16 Sirtfi Poster 20160428.pdf |
| Sirtfi emailer helper | End users | Web page | http://sirtfi.cern.ch |
| Sirtfi Moodle Course | Entities | Moodle | https://e-academy.geant.org/moodle/ |

External Resources:
