...
See:
https://trustmark.gtri.gatech.edu/concept/#framework-example-ficam
See pages 44-45 here: https://trustmark.gtri.gatech.edu/wp-content/uploads/2014/01/Trustmark-Pilot-Concept-Slides-for-IDESG-Briefing-2014-01-16.pdf
MFA Profile
For the MFA profile work, there are important decisions on how granular to be.
For example, there are apps that want MFA. Some campuses have MFA tokens and some don't.
We need to figure out under what circumstances the SP application would trust that MFA had been done by the campus, versus the app requiring its own MFA. Don't want campus MFA plus application MFA.
It was noted that with a light/simple definition of MFA trustmark (MFA? Y or N), there are problems that arise. Example: an SP that remembers you for 30 days (no forced reauthentication). There would be a need to disallow that kind of practice.
TIER
David: You define what you mean by MFA and there is some certification process that says an IDP has that trustmark. Then assertions it sends out would be honored. There is the IAP and IAQ on the trustmark.
DUO might need to take an action to be compensated for in Shib software.
But once you say you are doing MFA it is not that simple
We will need to stick a stake in the sand.
Ann: Would you want to leverage your use case to do a set of MFA community practices?
Eric: This might be in 6 months. There is no focus on this yet.
But Eric will raise this at meetings.
David: We could get interest from Paul.
Jeff Capehart asks about TIER
Ann: That is to accelerate IDM across HE.
Sustaining Shib and Grouper long term is one issue
We are good at business to business
Question: How does the TIER work relate to Assurance?
Info on TIER: https://drive.google.com/folderview?id=0BzRHp0xie6WFUVRqQXBwd3VSa1U&usp=sharing
Ann: TIER aims to accelerate IDM across HE. We need to help researchers get access to services, including participants in a VO. But we have researchers outside the campus that need to access services that are shared by a VO, so they act as an individual member of this group. Also need to accelerate ability for schools that don't have an effective IDM system and need one to access federated services. From an advanced institution, your participation may be for a component or two. You might want to leverage just parts. But there will be practices; part of the federation is the campuses and SPs that are members. A big issue is normalizing practices. Assurance is part of that. All of that is important. It's about organization and infrastructure.
JeffC: Is there a commitment to do things in a certain way? Like the POP, like MFA, like certificates? Do you get to pick and choose?
Ann: Yes, you can pick and choose, but the practices will be a requirement. Persistent identifiers are very important. That is a key one.
Question: Can you be in TIER and not do Assurance?
Ann: Don't know yet. TIER is in an early stage. Requirements are not yet set by the community. Supporting practices and reusability. The practices must be focused on a business need. They all must come together to service a business need.
Next Assurance Implementers Call: Jan. 2015 (no call in Dec. 2014)
...