Skip to end of metadata
Go to start of metadata

Building Identity Trust Federations Conference Call

October 17, 2012

1) In Attendance

  • Suresh Balakrishnan (University System of Maryland)
  • Oleg Chaikovsky (Aegis)
  • Mike Grady (UIUC)
  • Michael Hodges (University of Hawaii)
  • Ken Klingenstein (Internet2)
  • George Laskaris (NJEDge.Net)
  • Greg Monaco (Kansas State University)
  • John Moore (MCNC)
  • Benn Oshrin (Internet2)
  • Mark Rank (UW Milwaukee)
  • Mark Scheible (MCNC)
  • Craig Stephenson (WiscNet)
  • Jack Suess (UMBC)
  • Bill Thompson (Unicon/Jasig)
  • Valerie Vogel (EDUCAUSE)

2) Scalable Privacy: An NSTIC Grant for the Identity Ecosystem (Ken Klingenstein)

  • Ken and Jack's NSTIC Presentation (PPT)
  • Set of pilot programs (solicited in Feb/Mar and concluded recently – about 180 applications). Solicitation is still available on the website:
  • 2 submitted by Internet2 were accepted – multi-factor authentication deployment at several institutions and scalable privacy (building an infrastructure for the identity ecosystem). Asked to combine the two proposals.
  • In the end, 5 proposals were accepted. 1 was awarded to Internet2. A second awarded to Criterion Systems (Beltway Defense contractor) around monetization of attributes, but involves Internet2.
  • NIST is trying to keep a distinction between the two efforts (pilots and governance).
  • Two year grant for $3.4M (second year pending). Emphasis on major infrastructure elements for privacy.
  • Key deliverables
    • Promotion of two factor authentication
    • Schema for common use
    • Privacy managers
    • Implementing anonymous credentials at scale
    • Metadata strategies to support the above
    • Significant pilots and testbeds
    • Several policy thickets (e.g., adoption of attributes and bundles, anonymous credentials, privacy, and application privacy assessment "marketplace")
  • Promotion of multi-factor authentication through wide-scale deployments of different technologies at 3 institutions (MIT, Utah, Texas). Facilitation will also support a cohort of additional schools with their deployments, leveraging the lead school activities.
  • "Big Picture" – Working with a graphic artist to tie these pieces together and should have this ready to share later this month. What flows within the big picture – attributes (may be externally asserted, self-asserted, third party asserted) and management of attributes (trust, vetted application info, user consent flows).
    • IdP's
    • SP's
    • Attribute authorities
    • Third parties, portals, etc.
    • Application auditors
    • Federation operators
    • The user
  • The User and Contexts
    • A person operates in one of several contexts when online: as a citizen, as a worker-employee, as a consumer, as a physical entity, and possibly others.
    • In managing their privacy, what parts of the user experience should be consistent between contexts and what may be different?
  • Primarily "citizen" oriented, but with significant value to many other contexts, including consumer and business.

3) NSTIC Strategy; Current and Future Efforts (Jack Suess)

  • Ken and Jack's NSTIC Presentation (PPT)
  • NSTIC Strategy Document – General principles
    • Privacy enhancing and voluntary
    • Secure and resilient
    • Solutions must be interoperable
    • Cost-effective and easy to use
  • August plenary – about 900 participants (some virtually) representing 320 organizations (approx. 1/3 made up of Higher Ed institutions).
  • Since August – bylaws must be approved by Nov. 13. Next plenary is Oct. 29-30. Governance TF has met on average 8 hours per week.
  • Discussion webinar on Oct. 22 (2-4 pm) that highlights the upcoming bylaws.
  • Future efforts – Oct. 29 to Jan. 1, 2013
    • Emphasis on creating and approving workgroup charters
    • Management committee wants to establish liaisons and communication channels between related workgroups.
    • Communication and outreach efforts to the broader community.
    • Next election for management council will be February 2013.
    • The group does not want to create standards unless that's absolutely necessary.
  • No labels