AAC call Thursday, January 12, 2017, 2pm ET
Attending
Brett Bieber, University of Nebraska, (Chair)
Ted Hanss, University of Michigan
Joanna Rojas, Duke
Tom Barton, University of Chicago
Ann West, Interent2
Emily Eisbruch, Internet2
Action Items
[AI] (Tom) take Baseline Expectations implementation plan to next level over coming weeks. Brett will help
[AI] (Tom) continue to monitor the REFEDs MFA work and how it relates to the MFA Interop Profile work
- update: REFEDS MFA Profile doc under review by REFEDS Assurance WG. Short and should be ready for Consultation soon. Identifier to be assigned is “https://refeds.org/profile/mfa”.
[AI] (Ann and Brett) develop questions for InCommon program review by next AAC call
Discussion
Welcome to 2017. Brett is 2017 AAC chair.
AAC Focus Areas for 2017:
The AAC focus for 2017 will be on implementing baseline expectations.
Working with REFEDs Assurance WG and other InCommon working groups on related projects
Ann, Tom and Brett will be meeting to talk about AAC direction
AAC Recruitment
Chris Whalen - NIH (already confirmed by Steering, not able to join calls on Thursdays)
- [AI Emily] Doodle poll to find time for AAC to meet, (Done, new time is biweekly Wed at 4pm ET)
An individual from a sponsored partner contacted Chris on Nov. 5, 2016 about serving on the AAC
- [AI] (Brett) reply that we will welcome him to join the AAC.
AAC still has open slots for another IDP Rep. and another auditor Rep.
InCommon Assurance Program Review
The Federal approved FICAM program has not been broadly adopted by higher ed or by the federal agencies. The AAC charter was written to support that FICAM program. The program review will examine this. Charter may need tweaking. If AAC charter is to emphasize trust building activities, then the AAC membership may be altered.
We may not need two auditors on the AAC moving forward, if the emphasis is on trust components that do not include an audit requirement. We may want security experts to join the AAC. The goal for AAC membership may be to be representative of the stakeholders. Joanna is willing to help communicate the changed role of auditor on the AAC as needed
We may want to start the program review by asking questions around value proposition and efficacy of the FICAM program, keeping in mind the effort and cost to InCommon of the program. If we can demonstrate need for a shift in InCommon Assurance, through program review, this will be good for the community understanding.
Lack of audit is an issue for more trustworthy profiles. Concern about all the self-attested profiles and the trustworthiness of orgs to treat these seriously and do the right thing. Peer review process has promise. Peer review may be part of baseline expectations and may be part of the REFEDs assurance process. Will be interesting to build/implement the peer review process
[AI] (Ann and Brett) develop questions for InCommon program review by next AAC call
Baseline Expectations
Steering has accepted the AAC’s baseline expectations.
Good discussion at Steering call in Dec. 2016 where Brett and Kevin presented.
Steering had a few questions about the implementation plan
Tom intends to take next steps on Baseline Expectations implementation plan
Tom hopes to work on this towards end of January
Ann notes that communications to community will be required.
Documentation will be needed to guide on how to implement/consider
Will need to know if there are changes required to the Federation Manager (ie checkbox to indicate that an IdP/SP follows baseline practices)
Assumption that no tag will be needed
Process will be needed for an org to file a complaint about non compliance of another org
MFA Interop Profile - status
Multi Factor Authentication profile working Group produced excellent work including profile
REFEDs WG looked at it and a consultation is coming soon
After consultation, there will be a REFEDs identifier (URI) for the MFA Interop Profile
There is no entity tag involved
REFEDS MFA Profile doc under review by REFEDS Assurance WG. Short and should be ready for Consultation soon. Identifier to be assigned is “ https://refeds.org/profile/mfa ”.
How should communication to the community work about the MFA Interop profile?
We should get back in touch with Karen Herrington when the URI is approved
See if the MFA Interop WG wants to be involved in education and adoption and promotion efforts
Ann, Tom and Dean will work on communications and promotions around the MFA profile
Bundle with baseline expectations?
Do an IAM Online webinar on “how trust is changing across InCommon, how to participate in that”
Report-out on Jan. 4, 2017 Assurance Call
on topic of REFEDS Assurance Working Group with Mikael Linden
Mikael did a great job of explaining the REFEDs WG status and how they’ll be moving to the next stage of consultation
Tom: there was feedback from the Assurance call that the REFEDs WG put into their work product at a subsequent call last Wednesday
Brett: does the InCommon AAC have enough participation in the REFEDs Assurance WG?
Brett plans to join the REFEDs assurance calls when possible
Plans for Upcoming Assurance Calls
Wednesday, Feb 1 at noon ET - cancel this call
Wednesday, March 1 at noon ET
Suggestion: discuss Baseline expectations plus MFA Interop profile and changes coming at a future Assurance call -- later in 2017
News from partner efforts
REFEDS -
Hope in January REFEDS will be ready to roll out the MFA Interop Profile. The profile will be in the REFEDs namespace
SIRTFI
Others
Next AAC call: Thursday, January 26, 2017 (note this was rescheduled to Wed. Feb 1)