federated_incidentThe increasing scale and connectedness of R&E federations, whilst extremely valuable for collaboration, does expose an inviting new vector of attack for malicious actors. A single compromised account may provide an entry point to this global network of resources linking thousands of organisations. It is only a matter of time before large-scale, coordinated action from multiple federation participants is required to successfully respond to a federated incident.

The need for a Security Incident Response Trust Framework for Federated Identity (Sirtfi) was identified in the 2013 paper “A Trust Framework for Security Collaboration among Infrastructures” and was picked up by REFEDS, leading to the creation of a Sirtfi Working Group. Work was included in the Authorisation and Authentication for Research and Collaboration (AARC) Project in 2015, which aims to develop an integrated cross-discipline authentication and authorisation framework – including Incident Response. Consequently, in January 2016, version 1.0 of Sirtfi was published via REFEDS following community consultation.

Sirtfi addresses the reluctance of organisations to participate in eduGAIN based on the lack of well defined and shared security practices to handle potential security incidents. The assertion statements in Sirtfi describe practices and attributes that identify an organisation as being capable of participating in collaborative incident response. The framework stipulates preventative measures to protect an organization from attack, and behaviour to adopt in the event of an incident.

Compliance with Sirtfi is expressed in metadata and gives a transparent view of those organisations willing and able to engage. The credibility gained by asserting Sirtfi compliance will open doors within eduGAIN as organisations choose to enable authentication based on this enhanced trust.

In order for this framework to work, federation participants must first adopt it. The next step for the Sirtfi working group is to begin outreach within the community. Through the AARC Project we will be creating training material for both federation participants and federation operators, centred around the REFEDS Sirtfi site https://refeds.org/sirtfi. Sirtfi will be entered in the IANA registry of Level of Assurance Profiles to cement the credibility of the framework. Participants in WAYF, CSC and SWITCH have expressed interest in being among the first to test the benefits that Sirtfi brings.

Thanks go to those involved with Sirtfi at both REFEDS and AARC for tackling this challenge. Watch this space for the future developments within Federated Incident Response!