
fir-us - Sirtfi Incident Response: Credential compromise

Subject: Federated Incident Response

  • From: Brett Bieber <>
  • To:
  • Subject: Sirtfi Incident Response: Credential compromise
  • Date: Mon, 06 Apr 2015 14:21:17 +0000

Scott Koranda posted the following comment in the Incident Response section of the Google-doc:
"This section describes an organization's interactions with other organizations participating in the framework. So why does an agreement that one organization aware of an incident will notify the other not belong in this document and in this section?"

Scott's comment raised some similar questions in my head that could occur when a subject believes their credential has been compromised, and the follow-on situation—when the IdP operator believes one of their users' credentials has been compromised.

There's nothing in the document that describes any relationship to the subjects/actors, besides some logging/traceability and the ability to contact users. There's also no obligations or requirement placed on the member to notify other Sirtfi members of an incident, only that they're "...able and willing to collaborate...with [other Sirtfi participants]".

I feel that Sirtfi members should be able and willing to respond to an incident report from their own users (which are not themselves Sirtfi members), and to notify known affected Sirtfi participants.

Were those aspects intentionally omitted from the IR section? and
Is it acceptable/understood that the established incident response process at the participant [IR4] will include these aspects, and can be left out of the IR section?

Thanks,

-Brett


