Federated Academic Community adopts international identity management standards
When it comes to identity management, we are talking about building a network of trust among the members of a federation. It is an indispensable service that gives users from different institutions access to a range of services with a single login and password. Today, this area of knowledge is progressing to solve problems related to interoperability between services and to the security and privacy of users' data.
RNP's identity management service, the Federated Academic Community (CAFe), has started adopting the best practices recommended by REFEDS (Research and Education Federations group), an organization which gathers the federation networks in the world: the Metadata Registration Practice Statement (MRPS); Research and Scholarship (R&S); and SIRTFI, to respond to security incidents. This means that CAFe is in compliance with the global standards for identity federations.
Interoperability between services
Initially created upon recommendations by REFEDS, the Metadata Registration Practice Statement (MRPS) has become a mandatory item to assure compatibility with the automation of the already implemented process for adding new clients to an identity federation. To comply with this standard, RNP has prepared a document stating that CAFe follows these good practices and describing how they are implemented.
Data security and privacy
The Security Incident Response Trust Framework for Federated Identity (SIRTFI) is a set of best practices and attributes that identify an organization as capable of coordinating incident response among federated organizations. It raises a federation's level of security maturity by implementing controls to assure the confidentiality of information and control of logs, and it defines preventive measures to protect an organization from attacks.
By complying with this international standard, RNP shows maturity in information security and in the offer of advanced services to the community, and shows that it has a structured incident response team that can collaborate in the resolution of any events. SIRTFI is also used as an identifier of reliable organizations on eduGAIN, the GÉANT service that interconnects academic identity federations, enabling global access to services.
The Research and Scholarship (R&S) category is a global standard that defines a set of attributes to be released by the Identity Providers (IdPs) to the Service Providers (SPs).
Its purpose is to guarantee the users' privacy by providing the minimum information necessary to access the resources. In practice, it removes a burden from the identity providers, since the Service Provider audit is done by the federation following the legal requirements.
Some advantages of adopting this standard are, for identity providers such as universities, support for academic research, and, for service providers available in the federation, less bureaucracy and more simplicity in user access and management.
With 10 years of existence, the Federated Academic Community (CAFe) was the first academic federation in the country, and today, it is one of the five largest in the world in number of clients. The service is available in more than 280 education and research institutions served by RNP, and offers more than 70 services to the national and the international academic community. Its basic principle is to form a network of trust between the federation members, facilitating the offer of the other advanced services of RNP.