Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Snctfi is the "Scalable Negotiator for a Community Trust Framework in Federated Infrastructures"

The latest Snctfi document (draft V0.3) is at

The previous version (V0.2) now frozen may still be viewed at

Building on the structures of the Security for Collaboration among Infrastructures (SCI) framework, the “Security Negotiator for Community Trust Framework in Federated Infrastructures” (Snctfi) proposes a policy framework that allows determination of the 'quality' of such SP-IdP proxies and the community of SPs behind the Proxy. For example, a SP-IdP-proxy for EGI – proxying for all its compute and storage services – would be able to express to the R&E federation space that is has an internally-consistent policy set, that it can make collective statements about all its constituent services and resource providers, and that it will abide by best practices in the R&E community, such as adherence to the Data Protection Code of Conduct (DPCoCo), REFEDS Research and Scholarship (R&S) entity category, Sirtfi – the security incident response trust framework that is in itself a separate development from the SCI structure.

By addressing the structure of the security policy set that binds services ‘hiding’ behind the SP-IdP proxy, Scntfi allows comparison between proxies, assign trust marks for meeting requirements, and it allows a scalable way to negotiate and filter based on such policies. It eases authentication and attribute release by R&E federations as well as service providers (by easier enrolment in federations and because R&E IdPs may be more willing to release attributes if the proxy can convincingly assert DPCoCo and R&S), but also aids assessment by generic e-Infrastructures providers that know the RI proxy meets their trust requirements.

The Snctfi work is managed through the Interoperable Global Trust Federation IGTF with support from AARC and other contributors:

The Snctfi version of April 25th has also been submitted as a paper to the ISCG 2017 conference: