Page History

...

Phase

Description

Work Items

Status

Phase 1

Develop the SIRTFI Trust Framework specification, which defines basic security incident response capabilities to which member organizations can self-assert compliance.

This initial draft is intended to be a simplified framework that lays the groundwork for how such an approach should be defined. Significant effort will be needed to understand how this might be deployed in the existing R&E FIM environment.

~~Draft SIRTFI document for consultation.~~
~~Consultation to support development of public v1.0.~~
~~Decide whether IdP notification of compromised account belongs in v1.0 or will be slated for v2.0 in alignment with Phase 3 work.~~
~~Propose / finalise entity metadata schema for security contacts.~~
~~Propose / finalise entity attribute profile to signify adherence with Sirtfi public v1.0.~~

Status

colour	Green
title	Complete

SIRTFI Consultation: Framework

Sirtfi v1.0 approved by the REFEDS steering committee and published.

Metadata extensions confirmed Guide for Federation Participants

Sirtfi added to IANA assurance profiles registry. https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml

Phase 2

Establish the means by which member organisations in all R&E federations can indicate their compliance with the SIRTFI Trust Framework, how they can be contacted to participate in a coordinated response to a federated security incident.

Define the roles and responsibilities of the various parties in managing federated security incidents, information sharing guidelines, tools, procedures, and templates.

~~Produce educational and communication materials for REFEDS to promulgate to member R&E federations.~~
Promulgate educational and communication materials to help R&E federations to promote and support Sirtfi public v1.0 adoption.
Test incident response process and use of security contact metadata in simulated activity.
Implement processes by which to maintain and broadcast security contact information and Sirtfi trust framework adherence, outside standard federation metadata publication mechanisms.
Establish communication channels for security information exchange and incident report sharing.
Define incident response procedures for federations, including communication templates, and support the community in their adoption.
~~Implement metadata extension for security contact information.~~
~~Implement metadata profile to signify Sirtfi public v1.0 adherence.~~

Status


colour	Yellow
title	STARTED

Will follow phase 1. Some work incorporated into AARC2 work plan.

GN4-2 will support tools for maintaining security contacts and monitoring adherence.

"Incident Response for R&E Federations"

SIRTFI+ Registry Proof of Concept as GEANT T&I incubation project to be delivered to LIGO

Status

colour	Green
title	Complete

Homepage https://refeds.org/sirtfi

Metadata Guide for Federation Participants

Moodle training course for Sirtfi developed under AARC

Two annual table top exercises

Phase 3

Establish the means for proactive notification of an account compromise when it can be expected to produce a substantial impact to an at-risk SP organisation.

Analyse suitability of existing identity event notification solutions to R&E federations, and potentially define and set up means for IdP organizations to issue events related to account compromises to SPs registered as at-risk .
Develop tools to help IdPs identify accounts that have been used to access specified SPs.
Define Sirtfi version 2 to include the requirement to notify affected participating organisations of security incidents

Status

title	Pending

Will follow phase 2.

Group Tools:

Mailing list archive: https://www.terena.org/mail-archives/sirtfi/threads.html. has been migrated to https://lists.refeds.org/sympa/info/sirtfi. Join the SIRTFI list at: https://lists.refeds.org/sympa/info/sirtfi.

...

https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf The published version of Sirtfi 1.0
http://goo.gl/2xnf2G is the old working document for the framework on Google Docs.
Proposed workplan.
Sirtfi Normative Description: https://refeds.org/wp-content/uploads/2016/11/Sirtfi-certification-v1.0.pdf
GN4 Sirtfi Interview Survey Report
SIRTFI+ Registry Requirements

...

FIM4R BoF at TNC2014.
REFEDS, October 2014.
FIM4R, CERN, February 2015.
TechEx, Cleveland, October 2015
FIM4R, EWTI, December 2015
Kantara, Working Group Special meeting, April 2016
Internet2 Webinar, May 2016
TF-CSIRT, May 2016
AARC Meeting, Incident Response, May 2016
SWITCH ICT Focus, November 2016
IAMOnline Europe, March 2017
WISE, March 2017
TNC17, May 2017
DeIC Conference, September 2017
TNC18, June 2018
REFEDS @ TechEX, October 2018
HOW19, March 2019

...

8th June 2014 in Amsterdam, Netherlands.
Morning of 31st October 2014 in Indianapolis, Indiana.
17 June 2015, informal gathering during TNC 2015
6 October 2015, informal gathering during TechEx
28 September 2016, ACAMP Session
22nd February 2017, TIIME Workshop Session

Virtual Meetings:

1st October 2014 at 16.30 CEST via Skype.
29th January 2015 via Skype.
14th December 2015 via Vidyo, Consultation Feedback and Changes
25th January 2016 via Vidyo
18th April 2016 via Vidyo SIRTFI 44958284
6th July 2016 via Vidyo SIRTFI 44958284
9th August 2016 via Vidyo SIRTFI 44958284
2nd November 2016 via Vidyo Sirtfi Normative Description Consultation Followup
9th Feb 2017 via Vidyo SIRTFI 44958284
12th of July 2017 via Vidyo SIRTFI 44958284
7th of August 2017 via Vidyo Sirtfi Call August 2017.pdf
2nd of October 2017 via Vidyo Sirtfi Call September 2017
4th of December 2017 via Vidyo Notes Sirtfi Call December 4th 16_00.pdf
29th of January 2018 via Bluejeans Sirtfi Registry Call 29_01_2018.pdf
14th of April 2018 via Bluejeans 20180412 Sirtfi WG call notes.pdf
28th April 2018 via Zoom 20180426 Sirtfi WG call notes.pdf
10th May 2018 via Zoom 20180510 Sirtfi WG call notes.pdf
24th May 2018 via Zoom 20180524 Sirtfi WG call notes.pdf
7th June 2018 via Zoom 20180607 Sirtfi WG call notes.pdf
21st June 2018 via Zoom 20180621 Sirtfi WG call notes.pdf
5th July 2018 via Zoom 20180705 Sirtfi WG call notes.pdf
2nd August 2018 via Zoom 20180802 Sirtfi WG call notes.pdf
16th August 2018 via Zoom 20180816 Sirtfi WG call notes.pdf
30th August 2018 via Zoom 20180830 Sirtfi WG call notes.pdf
27th September 2018 via Zoom 20180927 Sirtfi WG call notes.pdf
11th October 2018 via Zoom 20181011 Sirtfi WG call notes.pdf
25th October 2018 via Zoom 20181025 Sirtfi WG call notes.pdf
8th November 2018 via Zoom 20181108 Sirtfi WG call notes.pdf
6th December 2018 via Zoom 20181206 Sirtfi WG call notes.pdf
20th December 2018 via Zoom 20181220 Sirtfi WG call notes.pdf
17th January 2019 via Zoom 20190117 Sirtfi WG call notes.pdf
31 January 2019 via Zoom 20190131 Sirtfi call notes.pdf
28 February 2019 via Zoom 20190228 Sirtfi call notes .pdf
14 March 2019 via Zoom Sirtfi call notes 20190314.pdf
28 March 2019 via Zoom Sirtfi call notes 20190328.pdf
11 April 2019 via Zoom 20190411 Sirtfi call notes.pdf
25 April 2019 via Zoom 20190425 Sirtfi call notes.pdf

Calendar:

...

Material	Audience	Format	Link
Benefits of Sirtfi	All	PDF	https://refeds.org/wp-content/uploads/2016/02/Why_Sirtfi.pdf
Technical changes	Fed Ops	Wiki	Guide for Federation Operators
Outreach Package	Fed Ops	Wiki	Guide for Federation Operators#SampleOutreachLetterforFederationParticipants
Steps to follow	Entities	Web Page	Guide for Federation Participants
FAQs	Entities	Web Page	General: https://refeds.org/sirtfi/sirtfi-faqs Technical: FAQs
Logo (to act as a trust mark on compliant sites)	Entities	Image	SIRTFI_logo.eps
Sirtfi Framework Doc	All	PDF on Web Page	https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf
Summary poster	All	Poster	SIRTFI 44958284
Sirtfi emailer helper	End users	Web page	http://sirtfi.cern.ch
Sirtfi Moodle Course	Entities	Moodle	https://e-academy.geant.org/moodle/

...

Child pages

Versions Compared

Old Version 70

New Version 71

Key

Group Tools:

Virtual Meetings:

Calendar: