Child pages
  • Sirtfi Consultation: Sirtfi Identity Assurance Certification Description

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Change Log for the Consultation on the SIRTFI Consultation.  Please fill in your comments and change requests below. Line numbers are available in the document for ease of reference.

John Krienke


Line 32


Introduces the concept of a "registrar." I believe this is a Federation Registrar, and I would like to suggest the addition of the Federation adjective. Later, in Line 62, the document makes mention of an "entity's registrar"; however, I think the meaning is intended to be Federation Registrar here as well, not a different registrar that belongs to the entity. Short of defining the term, the addition of "Federation" before registrar would help the reader know to whom the registrar reports and is responsible. If there are others who might be registrars (attribute authorities, etc) perhaps a defined term is called for to explain further who this might be and what the role is/is not. John Krienke(Leave Blank)The Sirtfi WG agreed that the word federation was not appropriate in this context.  No change recommended.

Line 32.


Related to Sirtfi v1.0 and the attribute named on Line 47. How will versioning be handled? I imagine the committee has already discussed this. Will the federation operator be required to support new attributes whenever the spec is versioned? It might be prudent to add a brief section to this document that discusses how versioning and updates will be handled in relation to the attribute namespace.line 47  John Krienke

Action to insert a change log at the top of the page to prepare for future versioning.


Line 76.


I'd like to recommend that the word "membership" be replaced by the word "certification" to remain consistent with Lines 1 and 47.


lines 1 and 47.

John Krienke Proposal accepted - Action to change reference.

Line 78.

Related to the requirement that a security contact MUST be in metadata (line 40), I have a question to consider. If an entity that is successfully tagged then later removes its security contact from metadata, is it the responsibility of the Federation (MUST?) to remove the Sirtfi tag from the entity? Or, is it the responsibility of the entity to notify the Federation registrar that the entity no longer complies? If the responsibility is the Federation's, this will become a requirement that our systems will need to automate against.

While any kind of business process could be mandated here the presence of entity attribute and security contact person element is something that's trivial to monitor for automatically, so not something one should lose sleep over. Cf. the CoCo (GEANT Data Protection Code of Conduct for Service Providers) monitor at 

John Krienke



Peter Schober

Action: agreed to add FAQ question - do I need a contact?

Action: Add a clause that an entity must remove their Sirtfi attribute if they remove their contact.


Line 103. Add a new MUST for the entity: “If the entity removes the security contact [CONTACT] from metadata, it MUST also remove the corresponding Sirtfi Attribute.”


Current Text / Reference
Proposed Text / Query