The Security Incident Response Trust Framework for Federated Identity (Sirtfi) aims to enable the coordination of incident response across federated organisations. This assurance framework comprises a list of assertions which an organisation can attest in order to be declared Sirtfi compliant. Visit our Wiki to discover how your organisation can prepare itself for Federated Incident Response with Sirtfi.
REFEDS’ Sirtfi Working Group has been active since 2014 and combines expertise in operational security and incident response policy from across the REFEDS community. Work to publish and implement the Sirtfi Trust Framework is supported by the AARC Project.
A moodle course on Sirtfi explaining how the framework can be adopted by Identity Providers and Service Providers is available.
How does Sirtfi support research?
Read the Laser Interferometer Gravitational Wave Observatory’s (LIGO) public letter regarding enabling participation in international research collaborations via federated identities – including promoting “the adoption of research-friendly standards, like the Research and Scholarship Entity Category and Sirtfi trust framework”
ORCID provides a persistent digital identifier for researchers. A secure service is at the heart of what they do. “To ensure an effective security incident response, Service Providers and Identity Providers need to coordinate efforts. Sirtfi provides a component necessary for trust in identity federations, and the community would benefit from widespread adoption.”
Through the FIM4R Community, the Worldwide Large Hadron Collider Computing Grid (WLCG) have expressed their dependency on “a well-defined framework to ensure sufficient trust and security among the different IdPs and relying parties” as a pre-requisite to allowing scientists to authenticate using a credential from their home organisation. Sirtfi significantly contributes to fulfilling this requirement.