Sirtfi Compliance of SAFIRE

2025-10-09: This document has been superseded by [a new version]({{ ref “/technical/saml2/sirtfi/_index.md#safire-federation-infrastructure” >}}) that attests to Sirtfi v2.0.

This is a self-assessment of the South African Identity Federation’s compliance with the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi) version 1.01. Such an assessment is necessary because the Federation uses a hub-and-spoke architecture, and thus some Federation components are in scope for identity- and service- providers own Sirtfi assessments. For this reason, SAFIRE’s own assessment includes more detail than it normally requires of Federation Participants (who need only provide the expression of compliance).