...
FICAM 1.0 spec and related documents focused on identity provider and credential practices.
Since the approval of FICAM 2.0, there are a few changes. FICAM 2.0 also encompasses:
...
Much progress has been made in the discussions with FICAM. See slide 6 for details of progress on these issues.
Componentized services
An important topic is componentized services (see slides 7 and 8 for details).
Discussions with NIH and NSF
See slide #9
InCommon's discussions with NIH and NSF resulted in FICAM accepting our standardized attribute bundle (R&S) rather than the attributes FICAM had been requiring (which had included legal name and DOB).
See slide #
GSA (home agency for FICAM) has joined InCommon. It looks like GSA will be the focal point for other agencies.
We are piloting insertion of community tags into the metadata, and FICAM will have one of those early pilots.
That will be a powerful ability
This is in process, not announced yet
Componentized services:
How can FICAM enable agencies to pick and choose,
for example with a Kantara Approved Token Manager and a Safe BioPharma Approved Identity Services Manager that work together to be a Credential Services Provider?
There was a meeting in DC about this, with interesting discussion about the major pieces.
Need to audit the glue between the token manager and the identity services manager.
There are under 20 pieces that tie between the components.
Once audited that could be a full CSP
This would allow us to outsource pieces
If you had an adult distance learning service and needed it to become a FICAM approved Silver service,
that could be considered an approved identity provider.
==
We are also working with NIH and NSF in the context of assurance and federation in general.
They would like usage of InCommon Credentials to grow.
Many faculty are using Google Credentials
More difficult to address assurance and broader needs of the agencies.
Need persistence across the organization for the researchers
If they move from one organization to another, there are issues.
NSF is piloting ORCID to address moving/persistence.
NIH sees a need for Bronzish
Silver without the Identity proofing
==
Community Profiles
See Slide 10
- In addition to the FICAM-based Bronze and Silver profiles, there are community needs, such as for an MFA profile.
- The ability to assert multi-factorness to a provider like Workday would be triggered based on a need to access a financial record.
- Also need to replace the POP approach of "Post your Practices" and have baseline practices.
Steve Devoti reported:
- The AAC is working to revise its charter
...
- to do more than manage the assurance process for certification.
...
- The AAC is looking at what needs to be modified to increase trust within the federation.
- This does not expand the AAC's charge a lot, but it is broader than managing a process.
- We have received lots of feedback (from our SP partners) on the lack of usefulness of the POP and the lack of compliance. Some InCommon participants are not updating their POPs.
- We have talked about decomposing the assurance profiles into trust marks to drive incremental progress within the federation.
So not this big thing. Silver.
...
- The goal is to get people on the road to higher trust and higher assurance.
- There is work at GA Tech on Trust Marks
This can address what we have heard from the community about the POP and about MFA.
...