Security Incident and Assurance in FIM
Time 10/05/15 11:20AM-01:00PM
Room Room 13
Session Abstract
There has been about 10 years use of federated access management. Federations are now in production in many of the NREN operated federations, with plans to cover not only HE but also schools.
There is now a real interest in using federated access also among the research collaborations that were instrumental for the FIM4R paper [1].
One of the aspects highlighted by that document is the lack of an agreed process to deal with security incidents when using federated access. Although many federations have procedures to deal with these aspects, these procedures are often not known to the relying parties.
Towards the end of 2014, a group of interested people started work to harmonise this space. This group is known as Sirtfi [2].
The work of some of the people involved in Sirtfi is now funded via the AARC project [3].
Another aspect that has been discussed for several years is assurance. There are already some assurance frameworks in place, but none of them seem to fully meet the requirements of the research collaborations or of the IdPs that have ultimately support them.
Who should attend?
To make this working group session as interactive as possible and to represent all the interested parties, we hope to have campus IdP operators, research collaborations and those involved in federation operations.
References
[1] https://cdsweb.cern.ch/record/1442597
[2] https://wiki.refeds.org/display/GROUPS/SIRTFI
[3] https://aarc-project.eu/
Speakers
Speaker Licia Florio GÉANT
Primary track Trust and Identity