Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Published byHorace Young Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated."— Presentation transcript:

1 Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated by DG …

2 Federated IdM for Research (FIM4R) Includes photon & neutron facilities, social science & humanities, high energy physics, climate science, life sciences and ESA Aim: define common vision, requirements and best practices Vision and requirements paper published https://cdsweb.cern.ch/record/1442597 26 Oct 14SIRTFI, Kelsey2

3 FIM4R paper Operational requirements include: Traceability. Identifying the cause of any security incident is essential for containment of its impact and to help prevent re-occurrence. The audit trail needs to include the federated IdPs. Appropriate Security Incident Response policies and procedures are required which need to include all IdPs and SPs. 26 Oct 14SIRTFI, Kelsey3

4 26 Oct 14SIRTFI, Kelsey4

5 26 Oct 14SIRTFI, Kelsey5

6 26 Oct 14SIRTFI, Kelsey6

7 26 Oct 14SIRTFI, Kelsey7

8 26 Oct 14SIRTFI, Kelsey8

9 Security for Collaborating Infrastructures (SCI) A collaborative activity of information security officers from large-scale infrastructures –EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE, … Developed out of EGEE – security policy group We are developing a Trust framework –Enable interoperation (security teams) –Manage cross-infrastructure security risks –Develop policy standards –Especially where not able to share identical security policies Version 1 of SCI document http://pos.sissa.it/archive/conferences/179/011/ISGC%202013_011.pdf 26 Oct 14SIRTFI, Kelsey9

10 SCI: areas addressed Operational Security Incident Response Traceability Participant Responsibilities –Individual users –Collections of users –Resource providers, service operators Legal issues and Management procedures Protection and processing of Personal Data/Personally Identifiable Information 26 Oct 14SIRTFI, Kelsey10

11 Sir-T-Fi – 1 st Meeting A Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) After discussions at TNC2014 Meeting at TERENA offices 18 th June –David Groep, Leif Johansson, Dave Kelsey, Leif Nixon, Romain Wartel –Remote: Tom Barton, Jim Basney, Jacob Farmer, Ann West –Apologies from Ann Harding, Von Welch, Scott Koranda, Licia Florio, Nicole Harris 26 Oct 14SIRTFI, Kelsey11

12 Sir-T-Fi scope Discussed general aims and thoughts –For now only address security incident response –Assurance profile to meet requirements on incident response –Needs to be light weight - IdPs self assert –Federation Operators act as conduits of information from IdP –Need a flag of compliance (for relying parties) In IdP metadata Could be per user –Use eduPersonAssurance or “SAMLAuthenticatonContextClassRef” in assertions from IdP First modifications to SCI document –Operational Security, Incident Response and Traceability 26 Oct 14SIRTFI, Kelsey12

13 Sir-T-Fi since June Progress made in phone confs, ACAMP, and F2F during I2TechX Mail list – sirtfi@terena.org Wiki https://refeds.terena.org/index.php/SIRTFI https://refeds.terena.org/index.php/SIRTFI Document evolving –Make public once we have a reasonable first draft 26 Oct 14SIRTFI, Kelsey13

14 Some text from document Abstract The Sir-T-Fi group (Security Incident Response Trust Framework for Federated Identity) is a collaborative activity of information security professionals from national identity federations and distributed IT infrastructures in the research & education sector. Its aim is to simplify the management of cross-infrastructure operational security risks, to build trust and develop policy standards for collaboration in security incident response. 26 Oct 14SIRTFI, Kelsey14

15 Example Text (2) Security Incident Response Each Claims Processor must: [IR1] Provide security contact information who will respond in a timely manner according to current best practice, e.g. one working day. [IR2] Have an established Incident Response procedure. This must address: roles, authority, and responsibilities; identification and assessment of an incident; minimising damage, response and recovery strategies; [IR3] The ability and the willingness to collaborate in the handling of a security incident with affected Claims Processors; [IR4] Respect and should use the TLP (ref) information disclosure policy. 26 Oct 14SIRTFI, Kelsey15

16 Next steps Updated at ACAMP in October with I2/InCommon Very positive contributions from Campusses and InCommon –Many are doing the Right Thing already Input from others, e.g. http://www.cic.net/docs/default- source/technology/federated_security_incident_response.pdf EU H2020 AARC –Can provide test use cases –Has this as a policy activity in NA3 Activity is very much open (specifically for CSIRT/SP/IdP/Fed Ops) –Practical focus on OpSec/IR Trust in federated space –People welcome to join –Ask Nicole Harris if you wish to join mail list 26 Oct 14SIRTFI, Kelsey16

Download ppt "Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated."

Similar presentations

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.

Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.

Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI CF, FIM workshop 11 Apr 2013.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI CF, FIM workshop 11 Apr 2013.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
7 th FIM 4 R meeting 23-24 April 2014 ESRIN Frascati.

7 th FIM 4 R meeting April 2014 ESRIN Frascati.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Similar presentations

Ads by Google