The Sirtfi framework (Security Incident Response Trust Framework for Federated Identity) is a mechanism to identify trusted and operationally secure partners in a federated authentication and authorisation environment. Sirtfi lists a number of requirements that organisations need to meet in order to be declared Sirtfi-compliant. As a result, Sirtfi is used to mark trusted partners within eduGAIN. Compliance is expressed in metadata and gives a transparent view of those organisations willing to engage in collaborative incident response.
Originating in the AARC Community, Sirtfi has been taken up by the global Research and Education Federations community REFEDS, and with global input has become the cornerstone of security incident response in national T&I federations and eduGAIN.
More about Sirtfi
Publications
- The Sirtfi framework v1.0 (PDF)
- Sirtfi version 2 – improved communications and notification (PDF)
Presentations
Training
- Sirtfi Online Training (in GÉANT Learning Centre)
- Overview and how to adopt Sirtfi (in REFEDS wiki)
- Improving incident response through collaboration: SIRTFI
Outreach
- Why Sirtfi?
- The Sirtfi poster
- Sirtfi explainer (hosted on YouTube)
- Sirtfi: chasing the bad-guys together (REFEDS blog)
- List of ID federations asserted by Sirtfi (eduGAIN website; filter for Sirtfi status in the bottom-right corner)
- Sirtfi FAQs (REFEDS website)
Sirtfi in the field
AARC RCAuth Pilot
This pilot addresses the SAML to X.509 certificate token translation that is essential for many researchers, particularly those dependent upon distributed computing using client PKI authentication. By requiring that identity providers assert Sirtfi, in conjunction with the Research and Scholarship entity category, RCAuth is able to issue trusted IGTF certificates, which are accepted by major research infrastructures such as EGI.
CERN
Sirtfi provides the security contact of the home organisation for all users accessing CERN via eduGAIN. This is considered critical to ensure that any incident involving CERN, and the related computing infrastructure WLCG, can be handled efficiently. Without Sirtfi, identity providers in eduGAIN are not trusted to authenticate at the thousands of service providers that CERN manages.
Sirtfi was written by the REFEDS (the Research and Education FEDerations group) Sirtfi Working Group.