The expanding network of Higher Education and Research facilities through inter-federation, whilst generally perceived as extremely valuable for collaboration and online security at large, exposes inviting new possibilities for malicious attacks. A single compromised account may provide an entry point to this global network of resources linking thousands of organisations. How can we, the community, coordinate a response spanning countries and continents? How can trust be built between the organisations, and between the people, in our communities?
REFEDS (the Research and Education FEDerations group), in conjunction with the European Commission-funded AARC Project (Authentication and Authorisation for Research and Collaboration), is spearheading the Security Incident Response Trust Framework for Federated Identity (Sirtfi) as a method for mitigating the impact of security incidents on federations. This framework provides a list of statements which an organisation must self-assert to be deemed Sirtfi compliant, spanning best practices from operational security to traceability.
Organic global trust groups already provide a platform for informal alliances within academia, research and industry; however, there is a need for heightened transparency, inclusivity and structure to facilitate this process. The lack of centralised governance within this space, in contrast to individual organisations or even national federations, calls for a standard procedure that can be adopted by all participants. What role will individuals play as this network grows in magnitude? This paper, a summary of the presentation given at the International Symposium on Grids and Clouds 2016, explores the practicalities of closing the loop on federated security. A twofold approach is presented: building trust between organisations and between the individuals therein.