Incident Handling Process in Place for InCommon Federation
Change allows federation operator to take immediate remediation actions in the case of significant security incident
On July 11, 2016, the InCommon Steering Committee approved a change in the Federation Operating Policies and Practices (FOPP), a document that describes the activities, systems, and responsibilities of the InCommon Federation Operator. The change allows the federation operator to take immediate remediation actions in the case of a significant security incident.
This change was proposed by the InCommon Technical Advisory Committee and recognizes that the growth of InCommon, and interfederation with eduGAIN, increase the likelihood of a security incident and the need for positive action in such an event. This is a natural requirement as InCommon matures into an infrastructure that participants count on.
In parallel with the change to the FOPP, InCommon has drafted a Security Incident Handling Framework, which is available for review at: https://spaces.internet2.edu/x/lQdhBg.
We encourage you to review the new Security Incident Handling Framework, as well as the entire FOPP and specifically section 10.3.1, which is where the change was made. If you have questions or concerns about these changes, please email Ann West (firstname.lastname@example.org) and Nick Roy (email@example.com) by February 24, 2017.
The original and revised versions of section 10.3.1 are listed below.
On a related topic, in November InCommon used the then-draft Incident Handling Framework to respond to an incident involving the release of duplicate user identifiers from two InCommon Identity Providers. During the process, we worked with other national federation operators, eduGAIN interfederation staff in the EU, site administrators and security contacts at two InCommon sites, the ORCID service, and software developers. You can read the incident report (and all future such reports) in the Published Security Incident Reports section of the InCommon Federation Incident Handling page: https://spaces.internet2.edu/x/lQdhBg.
Original and Changed FOPP Section 10.3.1
Original FOPP Section 10.3.1 - "Suspension for reasons of security"
A Participant may request the suspension of any Federation services in the case of Administrator credential compromise, participant key compromise, or other security compromise within the Participant's systems. This request may be made via e-mail or telephone from the Executive or Administrator and will be verified by InCommon using trusted communication channels. Suspension may include processes such as revoking credentials, or removing or modifying Metadata.
If InCommon suspects any compromise or negligence on the part of a Participant, it will make reasonable efforts to contact Participant to verify Participant's status. For example, a non-responsive Administrator's account may be suspended for the security and safety of Participant's Metadata if InCommon suspects an Administrator is no longer active and its repeated attempts at contact go unanswered.
Revised FOPP Section 10.3.1, second paragraph (the first paragraph remains the same):
If InCommon suspects any compromise or negligence on the part of a Participant, it will make reasonable efforts to contact Participant to resolve the issue. In the case of a significant security incident that poses an unacceptable risk to InCommon or other federation participants, InCommon may take immediate remediation actions commensurate with the impact of the incident.