13-18 March 2016
Raising Security and Trust in our Inter-Federated World

The expanding network of Higher Education and Research facilities through inter-federation, whilst extremely valuable for collaboration and online security at large, exposes an inviting new vector of attack for malicious actors. A single compromised account may provide an entry point to this global network of resources linking thousands of organisations. How can we coordinate a response spanning countries and continents? How can we build trust between organisations in our communities? What lessons can we learn from existing architectures, such as WLCG?

REFEDS (the Research and Education FEDerations group), in conjunction with the European Commission funded AARC Project (Authentication and Authorisation for Research and Collaboration), is spearheading the Security Incident Response Trust Framework for Federated Identity (Sirtfi) as a method for mitigating the impact of security incidents in our federated world. This framework provides a list of statements which an organisation must self-assert to be deemed Sirtfi compliant, such as “[OS4] A user’s access rights can be suspended, modified or terminated in a timely manner”. We are reaching out to members of academic communities to provide support and pilot the initiative.

Organic global trust groups already provide a platform for informal alliances within academia, research and industry; however, there is a need for heightened transparency, inclusivity and structure to facilitate this process. The lack of centralised governance within this space, in contrast to individual organisations or even national federations, calls for a standard procedure that can be adopted by all participants. What role will individuals play as this network grows in magnitude?

In this talk we will focus on the requirements for this trust framework and its implications for trust and collaboration. Join us as we explore the practicalities of closing the loop on federated security and discuss real-world scenarios.
This talk falls under “Networking, Security, Infrastructure & Operations”


How can we raise security and trust in our increasingly complex, inter-federated world?

