Versions Compared

Old Version 2

changes.mady.by.user urn:mace:incommon:msu.edu!https://spaces.internet2.edu/shibboleth!ldvtpjnx2qakg4kzs75nqijevg0=

Saved on

compared with

New Version Current

changes.mady.by.user urn:mace:incommon:msu.edu!https://spaces.internet2.edu/shibboleth!ldvtpjnx2qakg4kzs75nqijevg0=

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Notes from Assurance Monthly Call- June 6

Nick Roy, Iowa
Keith Brautigam, Iowas
Tim cameron, NSC
Jim Green, MSU
Mary Dunker, VA Tech
Michael Gettes, CMU
Russel Yount, CMU
Tom Scavo, Internet2/InCommon
Deb Coggins, Illinois
Bill Weems, UT Houston
Mark Rank, UW Milwuakee
Karl Heins, Santa Barbara
David Walker, Expert at Large
Dan Malone, Cal Poly
David Bantz, Alaska
Kevin Costlow, NSC
Ron Thielen, Chicago
Ann West, Internet2/InCommon

...

NOTES
Sample Methods for Remote Proofing

CMU

  • Need LoA2 earlier in the cycle?
  • Contractors all over the world
  • 5000 staff/churn 20% per year
  • 100-150 folks do Id Proofing
  • Transitioning to WorkDay SaaS
  • Video approach
  • Students aren't in scope for now.

UT

  • school of public health certify students that never come to campus
  • LoA1 system - student gets account
  • remote proofing - interchange of records to verify identity
  • notaries send documents to the institution.
  • why are deviating from what is define in 800-63?
  • For folks can't physically be there, using video

How detailed should we be in checking id?

  • Should we put the government issue id under UV light source?
  • Why do we feel that we have to do the process perfectly?
  • Shouldn't be trying to be perfect, but need to think through it so
    that it's not challenged in the future.
  • BTW, in LoA 2 there's no id vetting, just inspection.

Use Cases

  • Staff - How do we address them? It's best to incorporate id proofing
    into the specific on-boarding process for that type of user.
  • Researchers doing remote work.

International issues

  • Are there a lot of cases where users don't get US gov issued id? Yes, there are students and contractors that aren't in the US and won't be coming here that need to be id proofed. Have to be consistent and Good enough. But do they need LoA2? Some yes.
  • At CMU, Michael has students in Qatar attending that branch that have no access to US officials. But Michael, do they need LoA2 access? Maybe for transcripts. Service risk should drive LoA 2 need.

Normalizing policy and practices across community will help us scale. If true, then maybe we should be looking at the common denominators. As soon as we throw in the feds as the only driver, it may be difficult to make the case to management. We can't conflate the federal Id requirements with higher education's.

...