Assurance Call of July 8, 2015
Attending
Jacob Farmer, Indiana University
Mohammed Haroun, Columbia
John Leonard, UW Madison
Brett Bieber, University of Nebraska
Jared Ross, University of Illinois
Eric Goodman, University of California Office of the President
Ann West, Internet2
Nick Roy, Internet2
David Walker, Internet2
Paul Caskey, Internet2
Emily Eisbruch, Internet2
Discussion
Introductions and Q&A with new Internet2 staff members (see the blog)
Nick Roy, Internet2 Director of Technology and Strategy at InCommon
Role includes:
Maintain integrity of InCommon Identity Federation Service
Ensure we can support eduGAIN for interfederation
Support Assurance from the Technology side
In the future, support the Privacy Lens/Attribute Release/Consent work from the Technology side
Nick was previously with University of Iowa and then Penn State.
A few years back, Nick worked with other community members on the AD Silver Assurance Cookbook.
Paul Caskey, Internet2 Program Manager of Community Trust and Practices
Paul was previously with University of Texas System
Helped develop and manage the University of Texas System Identity Federation
Identity Assurance has been important to Paul for many years.
Paul is now located at the Internet2 / Unizin office in Austin.
Looks forward to working with the community to help spin up new working groups, including work on interfederation.
Also responsible for the InCommon Certificate Service
Ann West comments
Internet2/InCommon is fortunate to have Nick and Paul
Working on global interfederation will bring many opportunities
Paul, as Trust Manager, will help us connect and access higher value services.
Ideas: Trust Elevation Gateway, Multi Factor Authentication Gateway, help SPs offer high value services
The InCommon Federation Participant Operating Practices (POP) needs to be evolved
Comment: Great to have people of this caliber joining the InCommon team
MFA Interoperability Profile Working Group
Ann: Context Setting: Ann noted that she and Paul had a recent discussion with LaChelle LeVan of FICAM. LaChelle is an architect, replacing Anil John at FICAM.
FICAM does not have a federation; they are interested in leveraging the InCommon Federation.
The InCommon position is that we need a business driver.
InCommon is looking beyond the Bronze and Silver profiles in terms of assurance.
FICAM is interested in the MFA work InCommon is doing.
Jacob: The call for participation in the MFA Interoperability Profile Working Group got good response from the community. Forty people expressed interest in participating.
Jacob will be putting people who have contacted him on the email list, which is mfa-interop@incommon.org
Jacob will be developing sub-groups to help chunk the work. Leaders will be needed for the subgroups. Hope for an organizational call for the working group the week of July 20.
Subgroups might roughly follow the deliverables as defined by the working group charter, which are:
1. Assemble use cases that will motivate the deliverables of this working group
2. Develop short list of widely deployed MFA technologies that will be in scope for the profile
3. Define requirements for and draft MFA Interoperability Profile
4. Develop and recommend scope and plan for adoption
===========
Paul: We will have another call with FICAM within a few weeks. We hope to get their input/representation on the working group.
David Walker: Offer to present to the new MFA Interop WG the underlying technical infrastructure used for the Multi Context Broker. Jacob: Agreed, that would be very helpful.
Round Robin
Mohammed, Columbia
Columbia appreciates the answers to questions that they posed on the Assurance list. In the future, they may have additional questions related to auditing for Silver Assurance.
Eric, UCOP:
Wondering about definition of privacy for assurance. What does it mean to be privacy preserving?
Excited about the MFA work. UCOP is rolling out an application that needs MFA. Need ways to communicate whether MFA was done and when it was done.
Use case where MFA is desired but not required, where another approach is permitted
David: Time limits for authentication are an interesting use case
AI: (Jacob) will bring the issue of ForceAuthn to the MFA Interop Profile Working Group.
Ann: Would be great to have a conduit/liaison back to the CIC. Perhaps Brett, Jared, John can fill this role.