Snctfi is the "Scalable Negotiator for a Community Trust Framework in Federated Infrastructures"
The latest Snctfi document is at
Building on the structures of the Security for Collaboration among Infrastructures (SCI) framework, the “Security Networked-Negotiator for Community Trust -framework for Federated Identity” Framework in Federated Infrastructures” (Snctfi) proposes a policy framework that allows determination of the 'quality' of such SP-IdP proxies and the community of SPs behind the Proxy. For example, a SP-IdP-proxy for EGI – proxying for all its compute and storage services – would be able to express to the R&E federation space that is has an internally-consistent policy set, that it can make collective statements about all its constituent services and resource providers, and that it will abide by best practices in the R&E community, such as adherence to the Data Protection Code of Conduct (DPCoCo), REFEDS Research and Scholarship (R&S) entity category, Sirtfi – the security incident response trust framework that is in itself a separate development from the SCI structure.
By addressing the structure of the security policy set that binds services ‘hiding’ behind the SP-IdP proxy, Scntfi allows comparison between proxies, assign trust marks for meeting requirements, and it allows a scalable way to negotiate and filter based on such policies. It eases authentication and attribute release by R&E federations as well as service providers (by easier enrolment in federations and because R&E IdPs may be more willing to release attributes if the proxy can convincingly assert DPCoCo and R&S), but also aids assessment by generic e-Infrastructures providers that know the RI proxy meets their trust requirements.
The Snctfi work is managed through the Interoperable Global Trust Federation IGTF with support from AARC and other contributors:
- the Scalable Negotiator for a Community Trust Framework in Federated Infrastructures
- contact the editors by email at snctfi@igtf.net
The Snctfi version of April 25th has also been submitted as a paper to the ISCG 2017 conference: