Can R&E federations trust Research Infrastructures? - The “Snctfi” Trust Framework
2017 December 06
Research Infrastructures increasingly use national and global “Research and Education” (R&E) authentication federations to provide access to their services. Studies in the AARC project have shown that research communities connect to the R&E federation using an ‘SP-IdP proxy’. The use of a proxy in itself poses policy challenges. As seen by the R&E federations, the SP-IdP proxy hides all of the research services: home organisations and R&E federations see just a single service provider, even if the services behind it are provided in hundreds of different administrative domains. Building on the Security for Collaboration among Infrastructures (SCI) framework, the “Security Networked-Community Trust-framework for Federated Identity” (Snctfi) proposes a policy framework for determining the ‘quality’ of such SP-IdP proxies and the research services behind them. “Snctfi” allows comparison between proxies and provides a scalable way to negotiate and filter based on such policies. We present here version 1 of the “Snctfi” trust framework.