The expanding network of Higher Education and Research facilities through inter-federation, whilst generally perceived as extremely valuable for collaboration and online security at large, exposes inviting new possibilities for malicious attacks[1]. A single compromised account may provide an entry point to this global network of resources linking thousands of organisations. How can we, the community, coordinate a response spanning countries and continents? How can trust be built between the organisations, and between the people, in our communities?
REFEDS (the Research and Education FEDerations group)[2], in conjunction with the European Commission funded AARC Project (Authentication and Authorisation for Research and Collaboration)[3], is spearheading the Security Incident Response Trust Framework for Federated Identity (Sirtfi)[4] as a method for mitigating the impact of security incidents on federations. This framework provides a list of statements which an organisation must self-assert to be deemed Sirtfi compliant, ranging from best practices in operational security to traceability.
Organic global trust groups already provide a platform for informal alliances within academia, research and industry; however, there is a need for heightened transparency, inclusivity and structure to facilitate this process. The lack of centralised governance within this space, in contrast to individual organisations or even national federations, calls for a standard procedure that can be adopted by all participants. What role will individuals play as this network grows in magnitude? This paper, a summary of the presentation given at the International Symposium on Grids and Clouds 2016, explores the practicalities of closing the loop on federated security. A twofold approach is presented: building trust between organisations and between the individuals therein.