Assurance

[Tom Barton <>]

Dear Colleagues,

Please consider reviewing and commenting on the REFEDS Assurance Framework v1.0 and its accompanying two initial assurance profiles, Cappuccino and Espresso. This is the result of a new approach to define levels of assurance: it is focused on addressing specific risks identified by a number of international research projects and research cyber infrastructures. There are other aspects that will interest some:

• Availability of "vector values" or "trust marks" for component capabilities that can contribute towards meeting one of the profiles.
• New profiles can be easily added by composing different components, or introducing new ones.
• Profiles need not be strictly ordered, ie, one need not be stronger or weaker than another.
• Other widely referenced or adopted assurance standards are respected, relying on their specification of a given component where that addresses one of the specific risks identified, rather than creating something similar but different.

The working group included strong participation by experts spanning the Atlantic. I hope that its Consultation Review similarly benefits!

Thanks,

Tom

-- 
Tom Barton
Sr Director and Chief Information Security Officer
IT Services, University of Chicago
+1 773 834 1700 (w)

-------- Forwarded Message --------

Subject:	[refeds] Consultation: REFEDS Assurance Framework
Date:	Fri, 21 Apr 2017 11:29:04 +0100
From:
Reply-To:
To:	,

Dear All

REFEDS is please to announce that a period of consultation is open on the REFEDS Assurance Framework.  This consultation opens today and will close at 5pm CEST on Friday 9th June 2017.  Information about the consultation, the framework documentation and how to participate can be found at: https://wiki.refeds.org/display/CON/Consultation%3A+REFEDS+Assurance+Framework.  All comments and dicussions should be made to the list, comments can also be added directly to the wiki or sent directly to myself.   Contributions sent to other lists or via other routes may not be included in the final assessment.  

The AARC project and the REFEDS Assurance Working Group have developed the proposed framework and two assurance profiles to be used by research and education federations in order to support a variety of assurance needs from service providers.  The framework and the profiles specifically avoid the concept of "levels"  - recognising on the one hand that the required assurance needs of any given scenario, group, or service do not necessarily map neatly on to a static hierarchy and on the other that home organisations can often meet some sets of requirements in different "levels" in traditional structures but can struggle to meet the complete requirements at any given level.  The REFEDS Assurance Framework and assurance profiles intend to meet known use-cases in a pragmatic and tailored way. 

With thanks to AARC for supporting man-power to create this proposal.

Please do let me know if you have any further questions. 

Best wishes

Nicole

--

Nicole Harris

PROJECT Development Officer

GÉANT - Amsterdam office

T: +31 (0) 20 530 4488

M: +31 (0) 646 105396

Skype: harrisnv

PGP key Fingerprint: FD61 E288 14C7 432E 7AF5 D3B1 FB5B 8024 1BFD 94BB

Networks • Services • People

Learn more at www.geant.org

GÉANT is the collective trading name of the GÉANT Association in Amsterdam, NL, and of GEANT Limited in Cambridge, UK.

The GÉANT Association is a non-profit organisation registered under Dutch law through the Chamber of Commerce in Amsterdam, registration number 40535155.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature