
https://spaces.at.internet2.edu/display/InCAssurance/Shibboleth+Enhancements+-+Project+Status

David reported that the Shib Enhancements work (known as Multi-context Broker) is in the acceptance testing phase. All issues that were identified by the acceptance testers have been fixed by the developer. The acceptance testers are now reviewing these fixes to determine if they give their stamp of approval.

David presented on the Multi-context Broker project a few times during ID Week and there was positive response. The initial purpose of the Shib enhancements was to address adding an indication of bronze or silver as part of authentication. Campuses are now thinking about using the Multi-context Broker to improve integration with AD and for other purposes, as seen in these notes from Advance CAMP: https://spaces.at.internet2.edu/display/ACAMPScribe2013/Multi-Context+Broker+and+Bootstrapping+AuthN+Requirements

...

Mary reported that Virginia Tech was certified under v 1.1 and is required to move to v 1.2.
Several issues around approved algorithms have required review as part of the 1.2 certification.
Concerning the SHA-1 issue, the hope is that the SP's with which the Virginia Tech users interact will support SHA-2.
There is an effort to identify the relevant SP's for the VA Tech users and be sure those SP's can support SHA-2.
Then VA Tech will implement the plug-in for SHA-2.

====
Jeff Capehart reported that University of Florida has done a gap analysis and an overall audit on IDM. There will be meetings upcoming with the CIO to present the report. There are some areas that must be addressed in order to meet InCommon Silver. The SHA-1 and SHA-2 issues are of particular interest after today's discussion.

Use of eduroam is of interest at U. Florida. It was noted that eduroam does not ask for an AuthnContext; rather, eduroam authentication is done via RADIUS servers.

Ann noted that eduroam is a credential consumer (not a provider), so it does not fall under our current assurance program, but it does fall within the framework.

Mary commented that Virginia Tech does not use eduroam (they use another wireless server), and the use of RADIUS servers was considered a roadblock to use of eduroam.

====

Lee Trant reported that U. of Nebraska Medical Center has just recently submitted documentation for Bronze certification.
The issues with SHA-1 and SHA-2 are of interest and it will be useful to discuss those on the "Reading Bronze" calls.

...

===

Eric Goodman stated that there is interest in the UC System in looking at assurance profiles and considering doing a self-audit.
A decision must be made on whether to refer to the assurance profiles that were developed along with UCTrust (before the InCommon Silver was developed) or to refer to the InCommon Silver profile for the purposes of the proposed audit. There is discussion with the UC System CIOs to formalize and clarify the audit process.