Versions Compared

Old Version 7

changes.mady.by.user urn:mace:incommon:msu.edu!https://spaces.internet2.edu/shibboleth!ldvtpjnx2qakg4kzs75nqijevg0=

Saved on

compared with

New Version Current

changes.mady.by.user urn:mace:incommon:msu.edu!https://spaces.internet2.edu/shibboleth!ldvtpjnx2qakg4kzs75nqijevg0=

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Jim Green, Michigan State
Brett Bieber, Nebraska
Galen Rafferty, CIC

1. Round robin -- news/status from the institutions

MSU -- turnove in upper management continues -- VP for Finance, Provost, and CIO all left recently.  I will meet with our interim CIO next week to try to gauge support for our proposal to re-launch MSU's Silver initiative.  There is a good chance of this project getting tabled until the CIO position is filled, which will likely be six months to a year from now.  I'll have an update on this next month.  I'm leading a project to upgrade our MIT Kerberos central authentication service; when complete it will support account lockout which is needed to achieve Silver's authentication strength requirement.  AD implementation is in the works -- there is a plan to synchronize passwords between AD and MIT Kerberos, which, if we do it, will bring our AD into scope for InCommon Silver.

Nebraska -- K-12 groups want to discuss InCommon and federation and what Nebraska -- Internet2 focusing on K-12 -- conference call -- describe what they are doing with InCommon. Working with other N. campuses on a password policy that will apply to all campuses.  Trying to align with Bronze & Silver.  Upgrading outdated policy.  User-generated password is only method allowed.  Need to change to account for two-factor.  Use entropy instead of just character classes.  Communication materials -- end users.  Entropy calculators.  Bronze -- can't meet it without password expiration.  Trying to get other campuses to understand levels of assurance and requiring different levels for different services.  Storing alongside credential, strength of credential measure of some type.  Passwords in three places -- LDAP, AD, and IdM system.  Auditor requirements for Silver -- internal auditors do not meet those requirements -- need to go with an outside.  Silver initiative tentative for sometime in 2014.  Hard to justify internal audit having to learn so much about the technical landscape.  Federation group among all the campuses; each campus writing up a gap analysis.  Can't meet Silver with AD infrastructure the way it is now -- considering alternate methods or a separate credential.  Policy requiring systems that touch passwords to use secure communications.  IdM steering committee -- opened up to on-campus.

2. Value proposition for Assurance

Jim put a couple of paragraph's from MSU's project proposal up on the wiki:

MSU Silver project proposal excerpt-- July 9, 2012

3. Alternative means  - AD and other
would be helpful in being able to use AD for Silver

4. Next steps
consider going back to separate Doodle polls each month?  Probably try this time one more time.