Building Identity Trust Federations Conference Call

May 19, 2010

In attendance:

Michael Hodges, U of HI
Denise Atkinson, COSN
Keith Kruger, COSN
Joseph Giroux, California Community Colleges
Keith Hazelton, University of Wisconsin-Milwaukee
Todd Piket, University of Minnesota State Colleges & Universities
Brad Schwoerer, University of Wisconsin-Madison
Garret Sern, EDUCAUSE
Craig Stevenson, WiscNet
David Walker, UC Davis
Dean Woodbeck, Internet2/InCommon
George Laskaris, NJEDGE.Net (Co-Chair)
Rodney Petersen, EDUCAUSE (Presenter)
Sujay Daniel, NJEDGE.Net
Renee Frost, Internet2
Mark Rank, U of Wisconsin-Milwaukee
Mark Scheible, North Carolina State University
Garret Sern, EDUCAUSE
Steve Thorpe, MCNC
John Toomey, North Carolina
Ann West, Internet2

Rodney Petersen Presentation

EDUCAUSE Identity and Access Management (IAM) Working Group (formerly PKI and Net@EDU PKI/IDM steering committee)

Campus and Higher Ed Stakeholders the IAM will engage:

Functions~Strategic Goals of EDUCAUSE IAM WG

Questions/Comments from Call Participants

Q1. Has the InCommon certificate service starting?

A.   Hasn't been released yet, but goal is for a flat fee associated with Carnegie class. Initial stage focused on SSL Cert. Once you have the domain, you can designate how they are distributed.

IAM Coordination with Federal Initiatives

Rodney provided some background on the White House's National Strategy for Secure Online Transactions:

National Strategy for Secure Online Transactions

Source of this effort called in White House Cyberspace Policy Review (May 2009), requested by President Obama in his first six months in office.

"The Federal government-in collaboration with industry and the civil liberties and privacy communities- should build a cyber security-based identity management vision and strategy for the Nation that considers and Array of approaches, including privacy-enhancing technologies. The Federal government must interact with citizens through a myriad of information, services, and benefit programs and thus has an interest in the protection of the public's private information as well." 3

Next goal will be a public document in response, which will include NPRMs. Final strategy expected by September.

What are the essential characteristics of Secure Online Transactions?

Guiding Principles:

Vision Statement - Individuals and organizations experience simple, convenient, and secure access to online services in a manner that provides privacy, confidence, and choice.

Identity Ecosystem

Value Proposition

Over thirty recommendations!!!

Goals

Goal 1: Enhance the security of online transactions through development of a common, comprehensive trust framework.

Goal 2: Build and implement interoperable infrastructure aligned with the common trust framework.

Goal 3: Enhance confidence and willingness to participate in online services.

Goal 4: Coordinate and lead national and efforts to drive innovation, interoperability, and trust.

Recommendations:

State CIOs had a workshop on this issue a couple weeks ago.

There may be a grant opportunity for pilot projects.

We notice there is a gap here on K-12, while expanding in higher ed. Will this initiative help address that gap on other populations?

Issue of who will be identity providers in the future is an issue that needs to be addressed. Some are looking at state governments; some countries are looking at their banks.

Extend commercial integration with the Federal Bridge

Develop support materials to facilitate implementation of the identity ecosystem

Develop legislative proposals to implement the FIPPs[1|#_ftn1], formalizing privacy protection in the identity ecosystem

Develop privacy best practices

Building Identity Trust Federations Develop and execute awareness campaign

Develop a transaction security and privacy curriculum

Promote identity ecosystem trustmark scheme to enable individual informed decisions

Provide education and training materials to all levels of government

Create extension offices that support organizations in aligning with the identity ecosystem

Develop relying party integration toolkits

Build, implement, and adopt a professional certification program

Set Federal budget priorities accelerated through revised Presidential Directives

Establish National Program Office charged with the mission of achieving the vision

Designate or create a public/private advisory group to support shared responsibilities in the deployment of the identity ecosystem

Transparently report public/private sector progress in achieving each goal and objective

Build a focused strategy to support the development of international identity ecosystem standards

Dedicate Federal resources to participate in national and international forums related to identity ecosystem

Provide test and evaluation capabilities to identity ecosystem participants

Appoint a single R&D focal point in the Federal Government to lead the identity ecosystem R&D agenda

Establish readily available licensing vehicles of R&D outputs to the public/private sector

Align identity ecosystem R&D Activities to 'Game Changing' strategy

Establish standards conformance assessment process

Establish standards conformance assessment process

Next Steps

The draft for public comment is expected in early June, with the final strategy document expected in September.

 
Questions/Comments from Call Participants

1.    Are there any other areas where this group can assist with these endeavors?

A.   Collaborative efforts - outreach to colleagues and comparing notes.

Expect that there is a lot of education and awareness needed on the state level.

2.    Has this moved up in the NC state hierarchy?

A.   There has been some on and off interest, but right now there appears not to be enough resources to dedicate.

-       Rodney recommends checking out the Post-Elementary Standards Council. (www.pesc.org)

COSN Insights

InCommon Insights

Upcoming US Feds Meeting at CAMP

Respectfully Submitted,

Garret Sern

EDUCAUSE


 


[1|#_ftnref]  See Appendix C for additional information on the Fair Information Practice Principles.