Baseline Expectations V2 office hours

Tuesday, August 31, 2021


Attending: 13 community members

also:


 Notes


REFEDs assurance Framework questions (not directly related to Baseline Expectations)

Looking at assurance, just got MFA working for NIH
The Assurance Documents show there are things that can be added to eduperson. 

https://wiki.refeds.org/display/ASS/REFEDS+Assurance+Framework+ver+1.0
What are other schools doing?  Asserting Cappuccino and Espresso profiles?
Did you change your policies to be able to assert things like IAP medium?
We allow help desk to do remote password resets.
We could not assert medium, unless we have in-person review of each person, but then its not in authoritative system. 
Helpdesk does not update authoritative system.



BrettB:
Important questions include:

There are claims in REFEDs Assurance Profile, related to confidence that person is who they said they are.
There is  local enterprise 
There is a spectrum document, showing low, medium and high.
Recommend starting with local enterprise claim, then look at low, and work towards medium if you can. 
Pulling I9 data from Banner system into Identity Management system.
Can we use this in a meaningful way?  Password resets cause a challenge


Credential binding is a critical part of this.

Some of that comes down to procedures that the Help Center follows when someone calls in for a password reset.
Can elevate the confidence.
Some institutions using IVR, where attributes get keyed into the phone.
Some of it is scoping.
Leverage a card office to perform in person proofing.
We need to think about the issues in a risk minded way.

Focus on local enterprise is a good approach. 

Albert:

Question

Answer

InCommon Federation Manager Dashboard

Question

Answer

Question

Answer

Question

Answer

 
Question

Answer

Question

Answer


Thank you to everyone who joined the Office Hour