Draft Minutes: Assurance Implementers Call of 8-May-2013
Attending:
Ann West, Internet2
Michael Hodges, University of Hawaii
Oleg Chaikovsky, Aegis Identity Software
Chris Spadanuda, UW-Milwaukee
Jacob Farmer, Indiana University/AAC
Susan Neitsch, Texas A&M
David Walker, Independent
Benn Oshrin, Internet2
Tom Scavo, Internet2
====================
Assurance Wiki: https://spaces.at.internet2.edu/display/InCAssurance/InCommon+Assurance+Program
====================
DISCUSSION
UPDATES
RFP for Shibboleth IDP enhancements
The RFP for Shibboleth IDP enhancements to provide plug-in to support for assurance and MFA is available athttps://spaces.at.internet2.edu/display/InCAssurance/InCommon+Assurance+Program#InCommonAssuranceProgram-RequestforProposal%3AShibbolethIdentityProviderEnhancements
Proposals are due by end of May.
AD Alternative Means Working Group
https://spaces.at.internet2.edu/display/InCAssurance/AD+Alternative+Means+-+2013
The AD Alternative Means Working Group has been meeting regularly and looking closely at the Assurance specs. They have an upcoming call with Microsoft's AD domain service product manager, and have developed a list of questions this call:https://spaces.at.internet2.edu/display/InCAssurance/Questions+for+Microsoft
The AD Alternative Means Working Group hopes to have a report ready this summer.
Password Entropy Tool
Shreya Kumar has continued her work on the Password Entropy Tool, that she showed on the 3-April-2013 call.
Shreya hopes to share the new version with this group the progress on an upcoming call.
Assurance Advisory Committee (AAC)
The AAC had productive discussions during its Face-to-Face meeting in Ann Arbor on May 2, 2013. One of the topics explored is how to fix the IdP POP.
Jacob (member of the AAC) solicited input on this idea of replacing the IdP POP with the Bronze assurance profile. Currently, there is a major challenge in enforcing the expectation that every IdP have an up-to-date POP. The fact that the POP is unstructured and isn't a practice set are seen as disadvantages.
Comments:
Michael, Chris and Susan all stated that moving towards Bronze has value to their organizations. It would help with the prioritization of their local projects and increase the trust value across the federation.
...
Concerning timing, most on the call thought 18 months was okay but would rather have two years or more to allow for the transition from the IdP POP to Bronze. Jacob proposed that the timeframes be tied to InCommon pricing tiers with less time being given to the L1 schools (or big research institutions) and more time given as one progresses through the tiers.
Short Updates from Those on the Call
Michael: U. of Hawaii is looking at MFA and how to incorporate it into CAS. David: the Scalable Privacy Project may consider funding some CAS modifications to support MFA.https://spaces.at.internet2.edu/display/scalepriv/Scalable+Privacy
Susan: Texas A&M is working towards silver assurance. There is a focus on the delegating identity agents and also on second factor authentication.
Oleg: Aegis has been working with the California Community Colleges on federation. Ann noted that the InCommon affiliates have an important role in paving the way for federation.
Next Assurance implementers Call: Wed. 5-June-2013 at noon ET