Snctfi - the Scalable Negotiator for a Community Trust Framework in Federated Infrastructures
Building on the structures of the Security for Collaboration among Infrastructures (SCI) framework, the “Security Negotiator for Community Trust Framework in Federated Infrastructures” (Snctfi) proposes a policy framework that allows determination of the 'quality' of such SP-IdP proxies and the community of SPs behind the Proxy. For example, an SP-IdP proxy for EGI (proxying for all its compute and storage services) would be able to express to the R&E federation space that it has an internally-consistent policy set, that it can make collective statements about all its constituent services and resource providers, and that it will abide by best practices in the R&E community, such as adherence to the Data Protection Code of Conduct (DPCoCo), the REFEDS Research and Scholarship (R&S) entity category, and Sirtfi, the security incident response trust framework that is in itself a separate development from the SCI structure.
Snctfi and the IGTF
The research leading to these results has received funding from the European Community’s Horizon2020 Programme under Grant Agreement No. 653965 (AARC).
This paper identifies operational and policy requirements to help establish trust between an Infrastructure and identity providers either in an R&E Federation or in another Infrastructure, in each case joined via a Service Provider to Identity Provider proxy.
This document is intended for use by the personnel responsible for the management, operation and security of an Infrastructure and those wishing to assess its trustworthiness.
Read the Snctfi framework, apply it to your infrastructure, and share it with peers and R&E federations to foster global interoperability: