The Sirtfi framework (Security Incident Response Trust Framework for Federated Identity) is a mechanism to identify trusted and operationally secure partners in a federated authentication and authorisation environment.

Sirtfi lists a number of requirements that organisations need to meet in order to be declared Sirtfi-compliant. As a result, Sirtfi is used to mark trusted partners within eduGAIN. Compliance is expressed in metadata and gives a transparent view of those organisations willing to engage in collaborative incident response.

More about Sirtfi


Why Sirtfi?

The Sirtfi poster

Sirtfi: chasing the bad-guys together (REFEDS blog)

List of ID federations asserted by Sirtfi (eduGAIN website; filter for Sirtfi status on the bottom-right corner)

Sirtfi FAQs (REFEDS website)

Sirtfi in action

AARC RCAuth Pilot

This pilot addresses the SAML to x509 certificate token translation that is essential for many researchers, particularly those dependent upon grid computing.

By requiring that identity providers assert Sirtfi, in conjunction with the Research and Scholarship entity category, RCAuth is able to issue trusted IGTF certificates, which are accepted by major research infrastructures such as EGI.


Sirtfi provides the security contact of the home organisation for all users accessing CERN via eduGAIN. This is considered critical to ensure that any incident involving CERN, and the related computing infrastructure WLCG, is able to be handled efficiently.

Without Sirtfi, identity providers in eduGAIN are not trusted to authenticate at the thousands of service providers that CERN manages.

Sirtfi was written by the REFEDS (the Research and Education FEDerations group) Sirtfi Working Group.

IAM online : Sirtfi