Following on from a community consultation, REFEDS is pleased to announce the publication of the Sirtfi Identity Assurance Certification Description v1.0. This forms the final document in the current Sirtfi document suite and as such we are pleased to recommend Sirtfi for deployment use in production environments.
Sirtfi – the Security Incident Response Trust Framework for Federated Identity – aims to enable the coordination of incident response across federated organisations. This assurance framework comprises a list of assertions which an organisation can attest in order to be declared Sirtfi compliant.
Sirtfi is formed of the following processes:
- The Sirtfi Framework, which allows Identity Providers and Service Providers to follow a simple self assessment process to attest Sirtfi compliance.
- A process for adding a security contact to your entity metadata, which is a required element of Sirtfi.
- Assertion of compliance with Sirtfi via the Identity Assurance Certification, published today.
The Sirtfi Working Group has published a handy Guide for Federation Participants, which describes the steps Identity Providers and Service Providers need to take to become compliant.
Sirtfi has been developed jointly by REFEDS and AARC. The next step for Sirtfi is to work with eduGAIN to support deployment in an interfederation environment.