Assurance Call of July 8, 2015
Attending
Jacob Farmer, Indiana University
Mohammed Haroun, Columbia
Jon Miner, UW Madison
Brett Bieber, University of Nebraska
Jared Ross, University of Illinois
Eric Goodman, University of California Office of the President
Ann West, Internet2
Nick Roy, Internet2
David Walker, Internet2
Paul Caskey, Internet2
Emily Eisbruch, Internet2
Discussion
Introductions and Q&A with Paul Caskey and Nick Roy
new Internet2 staff members (see the blog)
Nick Roy, Internet2 Director of Technology and Strategy at InCommon
Role includes:
Maintains integrity of InCommon Identity Federation Service
Ensure we can support eduGAIN for interfederation
Support Assurance from the Technology side
in the future, supporting the Privacy Lens/Attribute Release/Consent work from the Technology side
Nick was previously with University of Iowa and then Penn State.
A few years back, Nick worked with other community members on the AD Silver Assurance Cookbook.
Paul Caskey, Internet2 Program Manager of Community Trust and Practices
Paul was previously with University of Texas System
Helped develop and manage the University of Texas System Identity Federation
Identity Assurance has been important to Paul for many years.
Paul is now located at the Internet2 / Unizin office in Austin.
Looks forward to working with the community to help spin up new working groups, including work on interfederation.
Also responsible for the InCommon Certificate Service
Ann West comments
- Internet2/InCommon is fortunate to have Nick and Paul
- Working on global interfederation will bring many opportunities
- Paul, as Trust Manager, will help us connect and access higher value services.
Ideas: Trust Elevation Gateway, Multi Factor Authentication Gateway, help SPs offer high value services
- The InCommon Federation Participant Operating Practices (POP) needs to be evolved. InCommon TAC Workgroup will look at that issue.
Comment: Great to have people of this caliber joining the InCommon team
MFA Interoperability Profile Working Group
Ann: Context Setting: Ann and Paul had a recent discussion with LaChelle LeVan, an architect, replacing Anil John at FICAM.
FICAM does not have a federation; they are interested in leveraging the InCommon Federation.
The InCommon position is that we need a business driver.
InCommon is looking beyond the Bronze and Silver profiles in terms of assurance.
FICAM is interested in the MFA work InCommon is doing.
Jacob: The call for participation in the MFA Interoperability Profile Working Group got an excellent response from the community. Forty people expressed interest in participating.
Jacob will be adding people who have contacted him to the email list mfa-interop@incommon.org
Jacob will be developing sub-groups to help chunk the work. Leaders will be needed for the subgroups. Hope for an organizational call for the working group the week of July 20.
Subgroups might roughly follow the deliverables as defined by the working group charter, which are:
1. Assemble use cases that will motivate the deliverables of this working group
2. Develop short list of widely deployed MFA technologies that will be in scope for the profile
3. Define requirements for and draft MFA Interoperability Profile
4. Develop and recommend scope and plan for adoption
===========
Paul: At an upcoming call with FICAM, we will work to ensure their input/representation on the MFA Interop Profile working group.
David Walker: Offer to present to the new MFA Interop WG the underlying technical infrastructure used for the Multi Context Broker.
Jacob: Agreed, that would be very helpful.
Round Robin
Mohammed, Columbia
Columbia appreciates the answers to questions that they posed on the Assurance list. In the future, Columbia may have additional questions related to auditing for Silver Assurance. Potential to talk with Virginia Tech on that.
Eric, UCOP:
Wondering about definition of privacy for assurance. What does it mean to be privacy preserving?
Excited about the MFA work. UCOP is rolling out an application that needs MFA. Need ways to communicate whether MFA was done and when it was done.
Use case where MFA is desired but not required, where another approach is permitted
David: Time limits for authentication are an interesting use case
[AI] (Jacob) will bring the issue of ForceAuthn to the MFA Interop Profile Working Group.
Ann: Would be helpful to have a conduit/liaison back to the CIC. Perhaps Brett, Jared, John can fill this role.