![]() ![]() Participant Site Administrators can now manage Sirtfi status for all systems that are part of the Federation. recently made self-management of the security contact and Sirtfi flag available. This framework asks that each federation entity, ie, Identity and Service Providers, contain security contact information in its federation metadata that normal security incident response procedures associated with it reasonably address the statements in the Sirtfi specification and if so, that a Sirtfi tag is attached to the entity. It specifies a means to publish your readiness for incident response in federation metadata. Sirtfi is an international framework for federated security incident response. , alongside international partners, strongly urge federation participants to be ready to manage federation-related security incidents. Many thanks to Incommon and REN-ISAAC for their input. Sample outreach letters have been provided below to assist with communication to your federation. ![]() Sample Outreach Letter for Federation Participants Best practice is to encourage adoption of Sirtfi v2 by your members but to support those members who wish to remain at v1. See Coexistence of Sirtfi v1 and v2 for details. There is no plan to deprecate v1 with the introduction of v2. Sirtfi and Sirtfi v2īoth original Sirtfi (v1) and Sirtfi v2 will remain supported for the indefinite future. They would simply request the Sirtfi contact details from an entity via email. Usually, federations choose to manage such metadata extensions centrally and act as the registrar. How should your federation participants add the two required extensions to their metadata? The Guide for Federation Participants describes the two extensions in further detail.īe sure to communicate how an entity should assert their compliance and add their Sirtfi contact. Should your federation already provide centralised federated security incident response, you may choose to leverage this existing capability. For more information, visit C hoosing a Sirtfi Contact. ![]() Your federation may wish to provide specific guidance on the choice of Sirtfi Contact. If you have no active members within REFEDS, contact us via and ask for the Sirtfi Working Group. Please reach out to your REFEDS contacts should you, as a federation operator, require assistance. The Sirtfi Framework does not itself entitle federation operators to limit which of their entities may self-attest to Sirtfi compliance, although Sirtfi also does not place any constraint on policies that each federation chooses to adopt. An FAQ maintained by the Sirtfi working group is available to help you. During the process of Sirtfi adoption, federation operators should anticipate providing support to entities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |