Skip to end of metadata
Go to start of metadata

Assurance Monthly Call – July 18, 2012

Nick Roy, University of Iowa

Keith Brautigam, Iowa

Scott Bradner, Harvard

Karen Harrington, Virginia Tech

Jon Miner, Wisconsin

Ron Thielen, Chicago

Oleg Chaikovsky, Aegis Identity

Marlena Erdos, Harvard

Mary Dunker, Virginia Tech

Jim Green, Michigan State

Ben Oshrin, Internet2

Dean Woodbeck, Internet2 (scribe)

Action Items

  1. Add your remote proofing use cases to the wiki: https://spaces.at.internet2.edu/x/PYPYAQ
  2. Nick will communicate the comments about the proposed remote proofing scenarios (video and notary) to the Big Ten auditors
  3. Ann will be asked to do the same to the InCommon TAC
  4. Mary will distribute a draft of a mapping between the IAP and the EDUCAUSE Information Security Guide and ask for comments

Remote Proofing

Discussion of remote proofing use cases on the wiki: https://spaces.at.internet2.edu/x/PYPYAQ

Several seem to be missing:

  • student accepted but not yet on campus
  • faculty hired but not yet on campus
  • work-at-home employees

(AI) Those who suggested use cases, please add to the wiki. If you don’t have edit access, email Dean (woodbeck@internet2.edu)

Discussion of the approaches proposed by Michael Gettes

Video approach - comments

  • Is this overkill, or is this just a very detailed description with all of the steps for Silver?
  • More convenient for a user than the notary approach
  • Will holding an ID or document up to a camera pass muster for Silver? With auditors?
  • Need another option if user’s bandwidth too low for video
  • Driver’s licenses often have elements not visible with ambient light

But, Silver requires the presenting of a document, not vetting whether it is legitimate. Just checking, for instance, that the photo on the driver’s license matches the person presenting.

There was also discussion about the ease of forging documents to show on a video camera, and also the ease of spoofing an email address. It could be that, for video proofing, using an email address as address-of-record may not be allowable.

Suggestion to take the notary and video proposals to the InCommon TAC for review and comment.

Suggestion to ask TAC the question whether a notary is considered in-person proofing (just like campus proofing) or remote. Is the notary effectively an agent of the campus?

(AI) Nick will run these approaches and concerns past the Big Ten auditors. 

(AI) Ask Ann to run these approaches and concerns past the TAC.

---

IAP/IAAF – Some had problems finding the latest versions of the 1.2 IAP and IAAF. It would be good to have the latest versions on the wiki, even if there is a note that they are still draft.

----

Mary is creating a cross-reference mapping between the IAP and the EDUCAUSE Information Security Guide (which has section on access control). The goal is to determine if there are sections of the guide that would be useful for institutions applying for Silver. Mary will send the document to the list for comment. 

  • No labels