Assurance

["Roy, Nicholas S" <>]

Me as well.

Nick

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Lovaas,Steven
Sent: Wednesday, May 30, 2012 2:30 PM
To: 

Subject: RE: [Assurance] Remote proofing?

I'd also be interested in helping with this.

Steve


========================
Steven Lovaas
IT Security Manager
Colorado State University

970-297-3707
========================



-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Bradner, Scott
Sent: Wednesday, May 30, 2012 1:18 PM
To: 
<>
Subject: Re: [Assurance] Remote proofing?

I'm interested

Scott

Scott Bradner

Harvard University Information Technology Innovation & Architecture
+1 617 495 3864
29 Oxford St., Room 407
Cambridge, MA 02138
www.harvard.edu/huit





On May 30, 2012, at 3:10 PM, Ann West wrote:

> If there's interest in convening a collaboration group to develop some 
> recommendations on this topic, just let me know. Happy to help with the 
> phone bridge, wiki page, doodle polls, etc.
> 
> A good meaty thing to tackle, if you ask me.
> 
> Ann
> 
> Not saying dealing with people in other countries is not a problem, 
> but I found this while trying to educate myself:  
> http://travel.state.gov/law/judicial/judicial_2086.html
>  
>  
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Michael R. Gettes
> Sent: Wednesday, May 30, 2012 1:58 PM
> To: 
> <>
> Subject: Re: [Assurance] Remote proofing?
>  
> aren't we all assuming a perfect world where the world we need is "good 
> enough"?  and, have you tried to present an ID via video conf?  Frankly, it 
> looks pretty good.  Additionally, I have the problem of dealing with people 
> from other countries so Notary is problematic there.
>  
> /mrg
>  
> On May 30, 2012, at 14:54, Roy, Nicholas S wrote:
> 
> 
> This is a good point, Jacob- the validity of the documents would be harder 
> to determine via video link.  I think this might be a benefit to having a 
> notary look at the documents, if that's something they are trained to do.
>  
> Nick
>  
> From: 
> 
>  
> [mailto:]
>  On Behalf Of Farmer, Jacob
> Sent: Wednesday, May 30, 2012 10:58 AM
> To: 
> 
> Subject: RE: [Assurance] Remote proofing?
>  
> When it has come up at IU, one of the major concerns has been our ability 
> to tell if the ID has been altered over the video link.  Granted, we are 
> not likely to catch a good fake ID even if it's presented in person, but it 
> seems like we could very well miss a poorly altered ID over the video 
> conference link.
>  
> Jacob
>  
> From: 
> 
>  
> [mailto:]
>  On Behalf Of David Walker
> Sent: Wednesday, May 30, 2012 11:53 AM
> To: 
> 
> Subject: Re: [Assurance] Remote proofing?
>  
> I like this general approach.  It also raises the question of whether a 
> video conference link should be considered remote or local.  Clearly, it's 
> geographically remote, but the risks and the proofing process are much more 
> like local proofing.
> 
> Has anyone implemented identity proofing based on video conferencing?  I've 
> heard it discussed before, but I'm not aware of actual implementations.
> 
> David
> 
> On Tue, 2012-05-29 at 19:11 +0000, Michael R. Gettes wrote:
> 
> I've been mulling this over for some time.
>  
> Here are my thoughts on a Remote Proofing process we are now mulling over 
> at CMU.
>  
> There are parts in here to address some CMU problems of issuing 2nd-factor 
> tokens - but you could take that out of the flow and it still is viable.
>  
> The IDProof App has yet to be written.
>  
> /mrg
>  
> Version 1.0
> 
> Actor = Person to be Identity-Proofed
> Proofer = Doh!  Could be any full-time CMU staff person appropriately 
> authorized?  Could be Help Center staff?
> 
> It is assumed the Actor has already been issued an Andrew ID - or must we 
> define this process too?
> 
> 0. Actor and Proofer agree upon method of Video Conference (FaceTime, 
> Google Voice Video, Skype, others?)
> 
> 1. Actor independently obtains physical FOB or downloads soft FOB
> 
> 2. Proofer independently accesses ID-Proof Web App in a "Proofer" role
> 
> 3. Proofer establishes VC with Actor.
> a.  It is most optimal if someone the Proofer knows is with the Actor as a 
> "chain of custody".
> 
> 4. Actor presents to Proofer Official Photo ID - holding it up to the 
> camera.
> a.  Proofer verifies photo matches actor's face b.  Proofer records ID 
> Type, Issuer, ID number into ID-Proof Web App c.  Actor provides 
> AndrewID - Proofer validates AndrewID matches Actor d.  Possibility of 
> obtaining digital photo capture of Actor in VC e.  If a "custodian" 
> (see 3a) is present, record custodian AndrewID.
> 
> 5. Process FOB
> a.  Proofer records Actor's FOB # and AndrewID into ID-Proof Web App 
> b.  Proofer enables Actor's FOB
> 
> 6. Actor verifies authentication and access a. Actor accesses ID-Proof 
> Web App and login as normal user Actor authenticates using Shib SSO 
> and then uses FOB authN on ID-Proof page.
> b. Actor is presented with a 6 character KEY c. Actor reads KEY to 
> Proofer d. Proofer validates the Actor's KEY with KEY on Proofer's 
> ID-Proof page.
> e. repeat a-d until success
> 
> 7. Proofer approves Actor in ID-Proof Web App
> 
> 8. End Video Conference
> 
> 9. Proofer authorization
> a.  If Proofer has privilege to authorize then modify accordingly.
> b.  If not (9a) then Proofer notifies official authorizers ID-Proof steps 
> completed and provides AndrewID and Name to Authorizers.  Authorizers 
> modify accordingly.
> 
> Done.
>  
> 
>