Overview
As part of the work for phase 1 of the SIRTFI implementation plan (https://wiki.refeds.org/display/GROUPS/SIRTFI), SIRTFI is proposing a security contact metadata extension, with the intent that it would be adopted by REFEDS member federations in order to allow handling of security incidents between federation partners. InCommon has been using the metadata schema extension outlined below for several years and it has proven useful for IdP and SP operators. A recent presentation by Jim Basney at the WISE workshop gives more detail.
The current implementation within InCommon metadata is defined in this XSD, maintained by Ian Young: https://github.com/ukf/ukf-meta/blob/master/xml/incommon-metadata.xsd.
The representation in metadata is on a per-entity basis, as below:
Security Contact Metadata Extension
<EntityDescriptor ... >
<ContactPerson xmlns:icmd="http://id.incommon.org/metadata"
contactType="other"
icmd:contactType="http://refeds.org/metadata/contactType/security">
<GivenName>Security Response Team</GivenName>
<EmailAddress>security@xxxxxxxxxxxxxxx</EmailAddress>
</ContactPerson>
</EntityDescriptor>
Proposal
The intention for this proposal is to use the REFEDS namespace for security contacts and as such the agreement of the REFEDS community is required. REFEDS Participants are invited to raise OBJECTIONS to the namespace being used for security contact data (as shown above) in this manner only.
The consultation opens on Monday 4th April 2016 and closes on Sunday 17th April 2016 at 5pm CEST.
Comments / Observations
Please place any comments or observations either here or in the comments below.