Ann West, InCommon/Internet2
Mark Rank, UCSF
Dave Langenberg, U. Chicago
Ron Thielen, U. Chicago
David Walker, Independent
Dedre Chamberlin, UCSF
Mark Rank, UCSF
Sharon Welna, Univ. University of Nebraska Medical Center
Steve Devoti, University of Wisc.
Jon Miner , University of Wisc.
Michael Hodges, Univ of Hawaii
Eric Goodman, UC Office of the President
Jeff Kaphart, Univ University of Florida
Emily Eisbruch, Internet2
Migration of Certified IdPOs from 1.1 to 1.2
Steve Devoti reported that the AAC has developed an upgrade process that will serve for the current upgrade from 1.1 to 1.2, and will also provide the framework for future upgrades to the assurance spec. The migration/recertification process currently only applies to Virginia Tech, but the expectation is that a greater number of IdPs will be impacted by future upgrades. Since the change from 1.1 to 1.2 is not considered a major change, no audit is required. What is required for this upgrade is a written statement attesting to compliance with each criterion that is highlighted yellow in Substantive DIF: IAP v1.1 versus v1.2.
-The approach for future upgrades to the spec will be:
-AAC identifies the extent of the changes
-AAC decides on what is appropriate (attestation?, audit? Etc) given the extent of the changes
As reported in July, the Assurance and MFA Enhancements to Shibboleth Identity Provider RFP was awarded to Paul Hethmon. Paul has started work on the design documents, and progress can be review at:https://spaces.at.internet2.edu/display/InCAssurance/Shibboleth+Enhancements+-+Project+StatusImage Removed
Campuses doing acceptance testing will include U. Chicago, U. Florida and Brown. The project is on schedule to finish by the end of the year (or possibly sooner). Paul Hethmon has been communicating with the Shib developers to align his work with their Shibboleth UI work.
Counting Failed Login Attempts
Benn was not able to join the call to report on the Counting Failed Login Attempts work.
Dedra stated that UCSF is interested in working with another campus as partners in this area.
Brett Bieber at Nebraska might be a good partner.
AD Alternative Means Update
The group is working with Microsoft and also looking at possible interim approaches. The issues include a couple of the encryption algorithms that are not NIST compliant. One action item for the AD Alternative Means group may be to update the AD Cookbook.