Child pages
  • Minutes of Assurance Call of 12-Feb-2014

...

FICAM has released a 2.0 version of the FICAM spec.

http://info.idmanagement.gov/2013/11/ficam-trust-framework-solutions-tfs.html

Trust framework providers, such as InCommon, have 6 months to comply with the new FICAM spec. There are discussions underway to determine the impact of FICAM 2.0 on the InCommon Assurance program and the community. An important question is: what are the service providers FICAM will be working with first? The Veterans Admin is a big one.
InCommon is aware that many campuses don't want their faculty and staff to leverage their campus credentials to interact with consumer-based services like the VA.
They want to use their campus credentials for grant submissions and teaching resources or for interactions with the Dept of Ed.
InCommon is hoping to find out from FICAM: what is the ETA for the services that are more related to higher ed?
The answers to these questions will help the AAC determine how to support FICAM 2.0.

There is interest in our community in exploring/pursuing assurance for research and in developing a community profile to address research needs.
There has also been a request for a community profile that is more multifactor oriented. The hope is to address the needs of those SPs that are of interest to the InCommon community and the needs of the IdPs for good practices. The AAC is trying to come up with a happy medium that seeks to grow the trust level of the InCommon federation in a logical way.

Q: Scott: Has the AAC had input from Steering or TAC on the amount of effort to continue to put into FICAM?

A: Ann: InCommon TAC has been working on priorities and has passed along its recommendations to Steering. TAC wants to make assurance relevant to the community as a whole. One approach is to set a baseline set of practices for the community, to bring up the trust level. This can potentially address the fact that the current POP (Participant Operational Practices) document does not provide sufficient transparency to help SPs and IdPs fully understand the identity practices in effect.

Q: Scott: If new profiles are developed for HE and Research, will there be a chance to help influence Federated Incident Response in the profiles from the beginning?

A: Ann: The first step is requirements gathering. Eventually yes, there will be the chance to provide input.

...

https://spaces.at.internet2.edu/display/InCAssurance/AD+Silver+Cookbook

The comment period for the AD Assurance work closed at the end of January. The comments that were received have resulted in some tweaks to the document. Soon there should be an announcement of publication of the 2014 version of the AD Assurance Cookbook.

Multi Context Broker

https://spaces.at.internet2.edu/display/InCAssurance/Multi-Context+Broker

David reported that the Multi Context Broker (MCB) code (version 1.0) is ready and a community announcement will be coming soon.

https://wiki.shibboleth.net/confluence/display/SHIB2/Multi-Context+Broker

David has developed some documentation that introduces concepts and why a site may be interested in the MCB. Community input on the MCB is welcome. The Shib users list will be used for questions and comments on the MCB. The code is stored on GitHub and an issue tracker will be used for tracking bugs. Dave Langenberg from U. Chicago said he's been able to implement DUO authentication for the MCB. Some of the other acceptance testers are now trying that out. A roadmap will be developed for next steps, such as tracking whether additional authentication modules may be needed. It will also be important to understand what needs to be done to integrate into Shib V3 when it comes out.

It has taken about 1.5 years from developing the spec to getting this MCB implemented.

Failed Authentication Counter

...