[Tf-aai] Fwd: [refeds] Feedback Welcome: Self-Assessment Tool for Federations

Jozef Misutka misutka at ufal.mff.cuni.cz
Thu Mar 10 17:08:05 CET 2016


FYI,

I think that even mentioning LoA for SPs in federations is quite a
significant move forward.

Best,
Jozef



---------- Forwarded message ----------
From: Arnout Terpstra <arnout.terpstra at surfnet.nl>
Date: 10 March 2016 at 16:35
Subject: Re: [refeds] Feedback Welcome: Self-Assessment Tool for Federations
To: refeds at lists.refeds.org
Cc: Mikael Linden <mikael.linden at csc.fi>, hannah.short at cern.ch


Hi Hannah,

SURFnet is also working on Self Assessment for institutions regarding
compliance, data protection and security. I forwarded your email to a
colleague who knows a lot more about it than me. He provided a bit of
feedback:

First of all, it looks promising, so good work! The main thing that he
thinks is missing is reporting. From our perspective, reporting is
crucial, such that institutions can compare themselves with others and/or
even some sort of benchmark/baseline. He says those aspects are mentioned
in the document, but are not further elaborated in more detail.

Not sure if this is of any use for you, but you never know. Anyway, it
looks like there is some overlap between your work and ours, so if you're
interested in exchanging more details, please let me know and I'll hook you
up.

Best,
Arnout

On 10 Feb, 2016, w. 6, at 16:41, Hannah Short <hannah.short at cern.ch> wrote:

Dear REFEDS Colleagues,

Mikael Linden, myself and various members of the community have been
working on the design of a Self Assessment tool for recording the adoption
of best-practices within federations. We are circulating the first draft to
gather feedback and gauge whether this would be a useful tool.

By way of introduction:
*"This document has been written following the identification of a need
within the Research and Education Federation communities for a tool by
which to express and monitor compliance with policies and best practices.
The self-assessment tool is intended to manage the quality standards
self-evaluation process for the entities registered to the eduGAIN [1]
inter-federation service. At the time of inception, the following use cases
were drivers for the development of a centralised, flexible tool:*

   - *the evaluation of Level of Assurance (LoA) for Identity Providers
   (IdPs)*
   - *the evaluation of LoA for Service Providers (SPs)*
   - *the assertion of compliance with the Security Incident Response
   Framework for Federated Identity (Sirtfi) [2]*
   - *the assertion of compliance with the Data Protection Code of Conduct
   (CoCo) [3]"*


Some of you will have already seen this on smaller threads, e.g. Sirtfi,
but we would welcome comments from the entire REFEDS community.
Please comment in the document or send myself and Mikael an email if there
is anything specific you would like to discuss.
https://docs.google.com/document/d/10kguCdxWn38z_EGRnrdjCI4GSeO44zFGeXWHGmzz27o/edit?usp=sharing


Best regards,
Hannah