InCommon Policy Forum
Tuesday, April 19, 2011 Internet2 2011 Spring Member Meeting
- Jack Suess reviewed the membership of steering and discussed the establishment of three subcommittees – governance, finance/services, strategic relationships
Review of 2010/Goals for 2011
- The Future Report (from 2010) included 13 recommendations and many have been accomplished.
- The report included a recommendation that a business plan be developed, which is underway, with the goal of demonstrating InCommon’s break-even point and documenting the revenue needed to move forward in key areas
- Goals for 2011 – a total of 390 participants, including 270 universities, 30 research organizations, 90 sponsored partners. Also, 10 subscribers to the new assurance program (e.g. Bronze/Silver)
- 2011 Certificate Service Goal: 140 subscribers, including 25 using client certificates
- Advance CAMP will be May 25-27, 2011, in Westminster, Colorado
- CAMP will be June 21-23, 2011, in Columbus, Ohio
- The next Shibboleth Workshop Series is July 21-22, 2011, in Milwaukee, Wisconsin
- Jack thanked the five InCommon Affiliates: Microsoft, AegisUSA, Gluu, Unicon, and Fischer International
Encouraging Sponsored Partners
- Jack talked about the value of adding Sponsored Partners to increase the number of services available via federated identity management. He also discussed the need to have additional identity providers connect with current SPs, particularly such popular applications as those provided by EDUCAUSE, the National Student Clearinghouse, and others.
- Jack asked for ideas for incentives, such as “bring in an SP, get an InCommon t-shirt.”
- The TAC has completed work on refining the two major documents related to the Identity Assurance Program (sometimes called Bronze and Silver). InCommon Steering will review the refined Identity Assurance Profile and Identity Assurance Assessment Framework and schedule a vote at a meeting in May.
- Shauna Benson from the National Science Foundation reviewed research.gov and an ongoing pilot with Penn State, the University of Washington and the University of California Davis to provide federated access to the site. She announced that, sometime in May 2011, NSF will open federated access to research.gov to all InCommon participants.
- The National Institutes of Health continues to roll out federated applications and shared success stories of federated access to PubMed and the CTSA wiki. To date, 50 universities have registered for federated access.
Certificate Service update
- Client (personal) certificates will soon be released. Use cases include authentication for VPN, wireless and web portals, signed and encrypted email, digital signatures, and grid computing. Complete information is available at www.incommon.org/cert/clientcerts.html
- The roadmap for client certificates includes:
1. General certificate availability and CPS
2. Document certificate-enabled applications
3. Certificates on mobile devices
4. Comodo client certificates API
5. Certificate installation automation best practices
6. Test Simple Certificate Enrollment Protocol (SCEP)
7. Integrate Shib-enabled access to certificate manager
- Research organizations, such as those associated with federal agencies as well as virtual organizations, are now eligible to join InCommon as full participants, including the ability to sponsor partners. See www.incommon.org/research_orgs.html
User Consent for Attribute Release
Russ Beall (University of Southern California) and Steve Carmody (Brown University) provided a demo of uApprove, a Shib add-on that provides for user consent of the release of attributes.
- A group of schools intending to deploy uApprove is now forming. Anyone interested should contact Steve Carmody (Steven_Carmody@brown.edu).
- Brown is deploying uApprove and believes it is FERPA compliant. They intend to turn on uApprove for a large number of applications prior to fall semester. Brown also has an institutional policy for categorizing SPs – releasing certain information by default to on-campus SPs. For off-campus applications, Brown will trigger uApprove in some scenarios and has identified a set of attributes to release (EPPN, name, affiliation, and email).
- Tom Scavo of InCommon said that the federation is committed to making the necessary metadata changes required by uApprove in the next month or two.
- Russ Beall reported that a user’s approval of attribute release is persistent until the individual pushes “reset” or the data changes. Steve said uApprove includes a package that allows a user to revoke consent at a later date.
- Russ provided a live demo of USC’s test instance of uApprove. The demo is available as part of the archived Netcast of this session at: http://preview.tinyurl.com/6j5xgza. The demo begins at about 33:40 of the Netcast.
Nicole Harris of REFEDS, the international consortium of federations, mentioned that the group is working with individual federations to align requirements of sponsored partners, to make it easier for these resource providers who may be joining multiple federations. The REFEDS review found two issues with InCommon: 1) the request for $3 million in insurance – the requirement of a dollar amount is unique among federations; 2) the requirement for a sponsorship letter (the suggestion is to reserve the right to ask for a letter, as opposed to making it a requirement). Jack asked for an email memo from Nicole outlining these concerns that he would then share with InCommon Steering.
The National Strategy on Trusted Identities in Cyberspace (NSTIC) was released last Friday (www.nist.gov/nstic). Jack encouraged higher education to continue to help lead in this area.
- There was a question about the status of EduRoam, the secure worldwide roaming access service. About 30 U.S. institutions have joined EduRoam, which is currently hosted at the University of Tennessee. There have been discussions about InCommon becoming the U.S. provider of this service. A decision on this is expected by the end of May.