Assurance Advisory Committee (AAC) Update
Mary Dunker reported that Ann West was involved in a call with the FCCX (Federal Cloud Credential Exchange). FCCX is a gateway providing translation service between federated FICAM-approved IdPs (using OpenID and SAML2) and federal agencies. FCCX plans to work with the VA and with NIST. Virginia Tech will most likely be involved in testing the gateway in the future. Ann will be organizing another call with FCCX to share more information. The AAC and InCommon will most likely suggest some agencies that we think are important for FCCX to work with, such as Dept. of Education, Dept of Energy, NIH, and NSF. Ann hopes to get FCCX to do a webinar for the community. FCCX hopes to be in production in January 2014.
The AAC has some terms expiring, and will be looking for some seeking community members to join the AAC. Stay tuned for an email from Ann on this topic.
Counting Failed Login Attempts
Information on the Counting Failed Login Attempts work is found at
Brett reported that University of Nebraska has a working proof of concept that's collecting the authentication failures, using Splunk as the aggregator.
They are working on excluding the authentication attempts for invalid account names. Good progress is being made.
Virginia Tech – Have started the 1.2 documentation. Hope to submit alternative means for 1.2 soon. Goal is to finish by end of year.