This list of Frequently Asked Questions is provided to complement the information contained in the Sirtfi Trust Framework Document.

General Questions

Q: What are the benefits of joining the Sirtfi trust network? 

A: A brochure detailing the benefits of Sirtfi is in progress [TBC] for overlapping content see: http://www.slideshare.net/HannahShort1/what-will-sirtfi-change-for-fim4r-55884279 

Q: How do I join the Sirtfi trust network?

A: Full instructions on how to express compliance with the framework can be found… [TBC]

Q: Who can I ask for help?
A:  Your Federation Operator will be able to guide you or, if required, redirect you to appropriate individuals within REFEDS. 

Q: What happens if an organisation fails to comply with the Sirtfi trust framework in the event of a federated incident?

A: The Sirtfi compliance element will be removed from the organisation's metadata... [TBC]

Q: Are there any requirements for data protection?

A: No data protection requirements are stipulated within the Sirtfi framework. An organisation should analyse their own risk profile in terms of personal data and take corresponding precautions.

Q: Are there any requirements for assurance of users' identity? For example, is there a security requirement for all accounts be linked to identifiable individuals?

A: This requirement contributes to the definition of the Level of Assurance (LoA) of an IdP. Requirements for LoA have not been included in the Sirtfi trust framework although there is a certain overlap. There is ongoing work in the AARC project to provide guidelines on a baselinelevel of assurance https://aarc-project.eu/workpackages/policy-harmonisation/  General questions are listed on the public facing site: https://refeds.org/sirtfi/sirtfi-faqs 

...

Questions on Sirtfi Assertions

...