Draft Minutes, Assurance Implementers Call, 10-July-2013

Attending
Ann West, InCommon
Mark Rank, UCSF
Dave Langenberg, U. Chicago
Brett Bieber, Univ. of Nebraska, Lincoln
Jeff Capehart, University of Florida
Lee Trant, U of Nebraska Medical Center (UNMC)
David Walker, InCommon
Emily Eisbruch, Internet2, scribe

...

The Assurance and MFA Enhancements to Shibboleth Identity Provider RFP was awarded to Paul Hethmon, who has been involved in the Shibboleth project. Information on this work will be posted on the Shibboleth wiki. This URL will be shared with the Assurance list. The goal is to have the work completed by end of 2013. The RFP has acceptance criteria that 3 campuses will test the code, and we hope to identify the 3 testing campuses within a few weeks. Most likely testing will take place in September or October. David will send out a solicitation for testing campuses. Let David know if you are interested in helping with the testing.

...

The AAC is working on a proposal (to be sent to InCommon Steering) to make Bronze the baseline for participation in the InCommon Federation.

...

Brett was on the June 20 call. At U. Nebraska, the goal is to implement a system for counting failed logins by Aug. 1, since Nebraska has a target to achieve bronze by Aug. 1. Brett currently has an implementation counting the LDAP failed authentication attempts. This work is posted on GitHub and there is information on the wiki at https://spaces.at.internet2.edu/display/InCAssurance/Component+Implementation+Guide. However, for AD, Nebraska has challenges around identifying the proper event codes. Brett has discussed the AD event code issues with U. Chicago and would like to confer with other institutions also. Ann suggested writing a note to the assurance list to ask if anyone can help with the AD code. The AD topic came up at the CIC IDM meetings taking place this week in Columbus. Brett will be in touch with Ann to arrange an opportunity to talk about the AD issues with the AD Assurance Group. https://spaces.at.internet2.edu/display/InCAssurance/AD+Alternative+Means+-+2013

Assurance Use Case

Ann reported that the Business School of a large research institution recently approached InCommon with a new use case. At this institution, Central IT has stated that the Business School needs to be Bronze certified to federate internally. The Business School has an IDP, but does not need to be in InCommon metadata; it needs to conform to the bronze profile to achieve security goals. So at this institution, Central IT is outsourcing the security/credential requirement to InCommon.

Ann has encouraged the Business School to talk with Central IT about having the institution (not the Business School) sign the assurance addendum with the same signature authority that signed the InCommon POP. Further, if they want InCommon to manage the assurance re-certification every 3 years, they would need to put the Business School IDP in the InCommon metadata. This would mean the institution would need to pay for a second IDP, for the Business School.

David suggested that it would make sense for the institution to get the bronze certification instead of just the Business School. The IDPO is the institution. The institution will need to explain to users which IDP to use for which situations.

Ann asked if InCommon Assurance should consider a reduced fee for cases where there is no IDP, offering a service to enable institutions to get a "stamp of approval" for good practices. David suggested that this makes sense; it would be like an audit report saying "yes we agree with management's assertion that they meet the requirements for the assurance program." It was noted that without a SAML IdP it is not possible to be bronze certified under 4.2.7.

...

Jeff Capehart stated that at University of Florida, the password policy has been revised, adding some new options associated with the use of longer passwords. The new policy still complies with the entropy requirements.

Lee stated that UNMC is examining the different levels of assurance currently in use.

...