Draft Minutes: Assurance Implementers Call of 12-Dec-2012

Attending

Mary Dunker, Virginia Tech
Nick Roy, University of Iowa
Brett Bieber, Nebraska - Lincoln
Jim Green, Michigan State University
Mark Jones, UT Houston
Bill Weems, UT Houston
Susan Neitsch, Texas A&M
David Walker, Independent
Michael Gettes, Carnagie Melon University
Jeff Capehart, University of FLorida
Michael Brogan, U. Washington
CW Belcher, UT Austin
Arlene Allen, UCSB
Emily Eisbruch, Internet2, scribe
Ann West, InCommon/Internet2

DISCUSSION

Slides: https://spaces.at.internet2.edu/download/attachments/33816578/FICAM-Review-Spec-peek-dec-2012-v2.pptx

https://spaces.at.internet2.edu/display/InCAssurance/Profile+and+Framework+Versions

Review of Current Status Regarding FICAM Approval

Ann reviewed the InCommon Assurance history with FICAM

Highlights of Version 1.2:

More about Alternative Means:

Q:  Past experience shows that people change and institutional knowledge gets lost. How can we build in more stability so we don't risk having to start over again?

A:  As InCommon Assurance is now a formal program with established documented processes and record keeping, this reduces the loss of historical memory.

Directions Within FICAM

Q : What are some of the directions within FICAM?
A: FICAM has sent the trust framework providers a list of items and has requested input on prioritizing for 2013. For example, FICAM is looking at breaking up the spec into chunks (such as identity proofing) and enabling certification for a portion of the spec.

Q: Is it possible that FICAM will work with some of the large authentication /authorization vendors like Microsoft, to try to influence them to get strong authentication from people using their software? Has FICAM thought about export restrictions on cryptography versus their requirements?

Comment: the community needs to push the vendors to provide the features we need.

A: Internet2 is having discussions with Microsoft to work on a variety of issues, and Assurance is a part of the discussion.

Providing Community Guidance

It may be beneficial to hold a series of calls to work thru each section of the profile, so sites can discuss how to implement various aspects.

In addition, Mary and Emily are working on an Implementation Example to share the Virginia Tech experience.

Q: If a site submits now, under the 1.1 spec and then if 1.2 comes out right after that how soon does that site have before a re-audit is required?

A: A site has at least 6 months to comply with the new specs.  InCommon will work with any site that is certified under 1.1 to transition to 1.2.

Next Assurance Call:  Wed., January 9, 2013 at noon ET.