AAC call Thursday, January 12, 2017, 2pm ET


Brett Bieber, University of Nebraska, (Chair)

Ted Hanss, University of Michigan

Joanna Rojas, Duke

Tom Barton, University of Chicago

Ann West, Interent2

Emily Eisbruch, Internet2

Action Items

[AI] (Tom) take Baseline Expectations implementation plan to next level over coming weeks. Brett will help

[AI] (Tom) continue to monitor the REFEDs MFA work and how it relates to the MFA Interop Profile work

  •  update:  REFEDS MFA Profile doc under review by REFEDS Assurance WG. Short and should be ready for Consultation soon. Identifier to be assigned is “https://refeds.org/profile/mfa”.

[AI] (Ann and Brett) develop questions for InCommon program review by next AAC call


Welcome to 2017.  Brett is 2017 AAC chair.

AAC Focus Areas for 2017:

  • The AAC focus for 2017 will be on implementing baseline expectations.

  • Working with REFEDs Assurance WG and other InCommon working groups on related projects

  • Ann, Tom and Brett will be meeting to talk about AAC direction

AAC Recruitment

Chris Whalen - NIH (already confirmed by Steering, not able to join calls on Thursdays)

  • [AI Emily] Doodle poll to find time for AAC to meet,  (Done, new time is biweekly Wed at 4pm ET)

An individual from a sponsored partner  contacted Chris on Nov. 5, 2016 about serving on the AAC

  • [AI] (Brett)  reply that we will welcome him to join the AAC.

AAC still has open slots for another IDP Rep. and another auditor Rep.

InCommon Assurance Program Review  

The Federal approved FICAM program has not been broadly adopted by higher ed or by the federal agencies.  The AAC charter was written to support that FICAM program. The program review will examine this. Charter may need tweaking.  If AAC charter is to emphasize trust building activities, then the AAC membership may be altered.

We may not need two auditors on the AAC moving forward, if the emphasis is on trust components that do not include an audit requirement. We may want security experts to join the AAC. The goal for AAC membership may be to be representative of the stakeholders. Joanna is willing to help communicate the changed role of auditor on the AAC as needed

We may want to start the program review by asking questions around value proposition and efficacy of the FICAM program, keeping in mind the effort and cost to InCommon of the program. If we can demonstrate need for a shift in InCommon Assurance, through program review, this will be good for the community understanding.

Lack of audit is an issue for more trustworthy profiles. Concern about all the self-attested profiles and the trustworthiness of orgs to treat these seriously and do the right thing. Peer review process has promise.  Peer review may be part of baseline expectations and may be part of the REFEDs assurance process. Will be interesting to build/implement the peer review process

[AI] (Ann and Brett) develop questions for InCommon program review by next AAC call

Baseline Expectations  

  • Strawman Implementation Plan

  • Steering has accepted the AAC’s baseline expectations.

  • Good discussion at Steering call in Dec. 2016 where Brett and Kevin presented.

  • Steering had a few questions about the implementation plan

  • Tom intends to take next steps on Baseline Expectations implementation plan

  • Tom hopes to work on this towards end of January

  • Ann notes that communications to community will be required.

  • Documentation will be needed to guide on how to implement/consider

  • Will need  to know if there are changes required to the Federation Manager  (ie checkbox to indicate that an IdP/SP follows baseline practices)

  • Assumption that  no tag will be needed

  • Process will be needed for an org to file a complaint about non compliance of another org


MFA Interop Profile - status 

  • Multi Factor Authentication profile working Group produced excellent work including profile

  • REFEDs WG looked at it and a consultation is coming soon

  • After consultation, there will be a REFEDs identifier  (URI) for the MFA Interop Profile

  • There is no entity tag involved

  • REFEDS MFA Profile doc under review by REFEDS Assurance WG. Short and should be ready for Consultation soon. Identifier to be assigned is “ https://refeds.org/profile/mfa ”.

  • How should communication to the community work about the MFA Interop profile?

  • We should get back in touch with Karen Herrington when the URI is approved

  • See if the MFA Interop WG wants to be involved in education and adoption and promotion efforts

  • Ann, Tom and Dean will work on communications and promotions around the MFA profile

  • Bundle with baseline expectations?

  • Do an IAM Online webinar on “how trust is changing across InCommon, how to participate in that”

Report-out on  Jan. 4, 2017 Assurance Call

 on topic of  REFEDS Assurance Working Group with Mikael Linden

  • Mikael did a great job of explaining the REFEDs WG status and how they’ll be moving to the next stage of consultation

    see slides and recording here 

  • Tom: there was feedback from the Assurance call that the REFEDs WG put into their work product at a subsequent call last Wednesday

  • Brett: does the InCommon AAC have enough participation in the REFEDs Assurance WG?

  • Brett plans to join the REFEDs assurance calls when possible

Plans for Upcoming Assurance Calls

  • Wednesday, Feb 1 at noon ET - cancel this call

  • Wednesday, March 1 at noon ET

  • Suggestion: discuss Baseline expectations plus MFA Interop profile and changes coming at a future Assurance call -- later in 2017

News from partner efforts

  • REFEDS -

    • Hope in January REFEDS will be ready to roll out the MFA Interop Profile. The profile will be in the REFEDs namespace


  • Others

Next AAC call: Thursday, January 26, 2017 (note this was rescheduled to Wed. Feb 1)

  • No labels