AARC2 work can be found at AARC2 NA3 Task 3.1 - Operational Security and Incident Response
Sirtfi is ready for adoption! The list of Sirtfi compliant Federation Participants can be seen on the eduGAIN Technical site by selecting "asserted" in the Sirtfi dropdown: https://technical.edugain.org/entities
Ongoing Security Incident or a nasty suspicion?
Follow the Generic security incident response procedure for federations, and remember to also involve your local federation. Read up at https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf and remember that the eduGAIN technical site has all the site contacts.
Security incident response is also an element of the self-assessment process started for the Assurance Profile task (TNA3.1)This , and an integral part of the GEANT Data Protection Code of Conduct version 2 draft specification. This AARC task also supports the work towards a globally recognised security contact in federation meta-data as part of the Sirtfi v1.0 implementation plan.The GN44-, which is co-supported by the GEANT Project's 'SIRTFI' task (GN4-2-JRA3-T1: SIRTFI task), where - in collaboration with AARC , is developing - additional Sirtfi processes and tooling under the GEANT project. are developed.
The current state of Sirtfi process implementation, and how it works out in (simulated) security challenges, is periodically probed through the AARC project. The first challenge was conducted in March 2018 (described in AARC2's 'MNA3.3'), and the report and lessons learned are available in the first challenge report.