CIC + Friends InC Silver doc group -- April 25, 2013

Mary Dunker, Virginia Tech

Deb Coggins, Illinois

Galen Rafferty, CIC

Jeff Capehart, University of Florida

1.  Meeting turnouts and times
Mary previously had some conflicts, but now this time is OK.
Deb -- bad -- every month -- 
Action item -- Jim will put up a new Doodle poll

2.  Recent organizational changes at my institution (Michigan State).
     Identity Management has been moved from my department, ITS Infrastructure, to a different department, ITS University Systems.  
     I will most likely not be going with it, but will stay on here to lead my department's strategic and tactical planning activities.  There is a meeting
     next week to talk about the future of the InCommon Silver project at MSU, among other IdM-related topics.  I'll know more after that.  I will be
     here next month but there is a good chance that it will be tabled.

3.  Streamlined criteria for Bronze

U. of Illinois -- moving toward Bronze -- get ready for Silver audit later -- may be some rework
Mary thinks it's a good approach -- virtually all of the work can be reused -- certification process for Bronze is almost no work at all.
When will the Feds support it -- critical mass that were certified for Bronze -- 
Ann West has a Bronze value proposition -- just really good practice -- gives you a base line -- something concrete to demonstrate that
Initiative in research area -- invited to work with Feds in a pilot
CILogon -- using that to get to open access grid -- they do support Bronze & Silver
"Gold Star" with their internal audit

4.  Review of Documentation Examples section of the wiki.  What needs to be done going forward?

   a) Sample Management Assertions

Alternative means using active directory
Jim will reach out to the AD group to coordinate

VT -- document alternative means  -- FICAM approved 1.2 after VT was certified -- some format for submitting alternative means -- wiki page for alternative means
-- need to be submitted in that format

Jim will look into linking in or coordinating somehow the alternative means documentation
IAAF -- talks about what you have to do going forward -- notify if changes -- renew certification every three years
Assurance Advisory committee -- still working it out -- probably will not require another audit -- maintain compliance 
somehow say or affirm compliance going forward -- onus on the institution to maintain compliance.
Use VT's e-tokens, should get automatic approval.
We don't know how often the spec will be revised. Probably less frequent going forward.  Driven by FICAM.
1.2 is a big milestone.  

   b) Gap Analysis Templates

5.  Round robin

MSU -- InC Silver tabled, meeting next week to review status, might revive.

Illinois IAM project -- InC is taking a back seat right now, needs the same resources (people) who are engaged with IAM right now, they are coordinating.

Jeff Capehart -- InC Silver at Florida -- audit in process -- pretty close to the end -- issue assessment gap analysis -- Active Directory -- trying to use password 
based -- wait for alternative means for AD to be developed -- about 80% of the way there. Doing one thing for Silver and a different thing for other applications 
in the same system.  If you're using a token as a single factor, you can meet LOA2 with just a single factor.  Participating in the AD alternative means.  Here's
the gap chart:  https://spaces.at.internet2.edu/display/InCAssurance/IAP+Requirements+and+Gaps+for+Active+Directory+Domain+Services+%28AD-DS%29

Mary -- FIPS approved tokens -- token has its own password -- it's actually two factors in the token -- that particular password doesn't have to meet all 
the requirements for strong password, can put requirements.

When you apply for Silver you must simultaneously apply for Bronze -- VT has Bronze tokens and Silver tokens.  Distinguished by OID and certificate that is 
on them.

Suggestion -- Send out meeting reminder as a calendar invite that can then appear on people's calendars. I'll try this if I remember.
