Assurance Monthly Call – July 18, 2012
Nick Roy, University of Iowa
Keith Brautigam, Iowa
Scott Bradner, Harvard
Karen Harrington, Virginia Tech
Jon Miner, Wisconsin
Ron Thielen, Chicago
Oleg Chaikovsky, Aegis Identity
Marlena Erdos, Harvard
Mary Dunker, Virginia Tech
Jim Green, Michigan State
Ben Oshrin, Internet2
Dean Woodbeck, Internet2 (scribe)
- Add your remote proofing use cases to the wiki: https://spaces.at.internet2.edu/x/PYPYAQ
- Nick will communicate the comments about the proposed remote proofing scenarios (video and notary) to the Big Ten auditors
- Ann will be asked to do the same to the InCommon TAC
- Mary will distribute a draft of a mapping between the IAP and the EDUCAUSE Information Security Guide and ask for comments
Discussion of remote proofing use cases on the wiki: https://spaces.at.internet2.edu/x/PYPYAQ
Several seem to be missing:
- student accepted but not yet on campus
- faculty hired but not yet on campus
- work-at-home employees
(AI) Those who suggested use cases, please add to the wiki. If you don’t have edit access, email Dean (firstname.lastname@example.org)
Discussion of the approaches proposed by Michael Gettes
Video approach - comments
- Is this overkill, or is this just a very detailed description with all of the steps for Silver?
- More convenient for a user than the notary approach
- Will holding an ID or document up to a camera pass muster for Silver? With auditors?
- Need another option if user’s bandwidth too low for video
- Driver’s licenses often have elements not visible with ambient light
But, Silver requires the presenting of a document, not vetting whether it is legitimate. Just checking, for instance, that the photo on the driver’s license matches the person presenting.
There was also discussion about the ease of forging documents to show on a video camera, and also the ease of spoofing an email address. It could be that, for video proofing, using an email address as address-of-record may not be allowable.
Suggestion to take the notary and video proposals to the InCommon TAC for review and comment.
Suggestion to ask TAC the question whether a notary is considered in-person proofing (just like campus proofing) or remote. Is the notary effectively an agent of the campus?
(AI) Nick will run these approaches and concerns past the Big Ten auditors.
(AI) Ask Ann to run these approaches and concerns past the TAC.
IAP/IAAF – Some had problems finding the latest versions of the 1.2 IAP and IAAF. It would be good to have the latest versions on the wiki, even if there is a note that they are still draft.
Mary is creating a cross-reference mapping between the IAP and the EDUCAUSE Information Security Guide (which has section on access control). The goal is to determine if there are sections of the guide that would be useful for institutions applying for Silver. Mary will send the document to the list for comment.