Child pages
  • Minutes of Assurance Call of 4-Sep-2013

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Draft Minutes Assurance Implementers Call 4-Sept-2013

Attending:
Ann West, InCommon/Internet2
Mary Dunker, Virginia Tech
Karen Harrington, Virginia Tech
Steve Devoti, University of Wisc.
Dave Langenberg, U. Chicago
David Walker, Independent
Mark Rank, UCSF
Kevin Dale, UCSF
Marlena Erdos, Harvard
Brett Bieber, Univ. of Nebraska, Lincoln
Jeff Capehart, University of Florida
Emily Eisbruch, Internet2, scribe

DISCUSSION

Shib IdP Enhancements Progress

David Walker reported that Paul Hethmon has been making good progress on the Shib IDP Enhancements work. Progress can be reviewed at: https://spaces.at.internet2.edu/display/InCAssurance/Shibboleth+Enhancements+-+Project+Status

Paul expects to finish coding in a week or two. The campuses who agreed to do testing will then start the testing process. Hope to have some test reports to share on the next call.

Assurance Advisory Committee Update

FCCX
Mary Dunker reported that Ann West was involved in a call with the FCCX (Federal Cloud Credential Exchange). FCCX is a gateway providing translation service between federated FICAM-approved IdPs (using OpenID and SAML2) and federal agencies. FCCX plans to work with the VA and with NIST.  Virginia Tech will most likely be involved in testing the gateway in the future. Ann will be organizing another call with FCCX to share more information. The AAC and InCommon will most likely suggest some agencies that we think are important for FCCX to work with, such as Dept. of Education, Dept of Energy, NIH, and NSF.  Ann hopes to get FCCX to do a webinar for the community.  FCCX hopes to be in production in January 2014.

...

AAC Membership
The AAC has some terms expiring, and will be looking for some community members to join the AAC. Stay tuned for an email from Ann on this topic.

 
Counting Failed Login Attempts
Information on the Counting Failed Login Attempts work is found athttps://spaces.at.internet2.edu/display/InCAssurance/Failed+Authentication+Counter+Strawman
 
Brett reported that University of Nebraska has a working proof of concept that's collecting the authentication failures, using Splunk as the aggregator.
They are working on excluding the authentication attempts for invalid account names. Good progress is being made.

...

A: About 10 gig of data during the past month. But one single user has 6 million failure events.

 
AD Assurance Updatehttp://bit.ly/14CPlPu

Ann reported that the AD Assurance Group is finishing up the next iteration of the AD Cookbook. There is a plan to verify some interpretations of the assurance spec with the AAC.
Hope to be ready to talk about the next iteration of the cookbook for the October Assurance Implementers call.

...

Mary suggested it can be helpful to review the diagram in the Framework (IAAF), page 4:https://spaces.at.internet2.edu/download/attachments/9185/IAAF-V1.2-Feb2013.pdf?version=2&modificationDate=1361200017172

Bronze Cohort Plan

Ann is working on spinning up a Bronze Cohort group, that can help campuses to assist each other in reading the spec.

CommIT Project and Possible Digital Notary Service

CommIT is a project to streamline the identity management process for the college admissions process for K12.
CommIT is looking for pilot schools. See details on the wiki.https://spaces.at.internet2.edu/display/InCAdmissions/Home

In addition, as part of Phase 2 of  the CommIT project, there may be an effort to spin up a digital notary service for the CommIT credential.
Currently in the drafting stage.   
Could eventually fit in with federal agencies and provide an LOA2.

Round Robin on Assurance Work Status

U. Chicago – audit is ongoing
Harvard – awareness of assurance is building
U. Wisc.-Madison – some resource issues, though compliance is around 80%
UCSF – there is talk about assurance among the UC Trust Federation

...

Virginia Tech – Have started the 1.2 documentation. Hope to submit alternative means for 1.2 soon.
Goal is to finish by end of year.

SHA-256https://spaces.at.internet2.edu/display/InCAssurance/Transition+to+SHA-2
Ann reported that the InCommon TAC is investigating the SHA-256 issue. There are 3-4 campuses doing testing.