Skip to Content.
Sympa Menu

assurance - [Assurance] IAP and Documenting Community Deliberations

Subject: Assurance

List archive

[Assurance] IAP and Documenting Community Deliberations


Chronological Thread 
  • From: "Michael R. Gettes" <>
  • To: "" <>
  • Subject: [Assurance] IAP and Documenting Community Deliberations
  • Date: Fri, 3 Aug 2012 21:16:12 +0000
  • Accept-language: en-US

Kind people,

Ann and I had a lengthy phone conversation today. I'm sure she would never
admit to it. :-)

I have long held the IAP and IAAF are good documents (especially where 1.2 is
ending up) but
there is a fundamental flaw in the documents in that they do not sufficiently
explain the
thinking leading up to what is in the documents. I have had lengthy
discussions with the
team who did silver and I have been peripherally involved in the process of
these documents
from the beginning and I do appreciate why they have not documented their
deliberations.
I don't think we should get into their reasoning and so on at this time but I
do think we
need some companion "documentation" to the IAAF and IAP to help people think
through the
meaning behind the items in these documents which in turn will lead to
implementations of
bronze and silver.

So, here is the idea. The community (this group) should have a series of
discussions and
document those discussions to come to a common understanding of minimal
perspectives to help
others with this process - cuz these documents are complicated. For example,
the issues raised
today regarding identity proofing and data involved by RA/CSP and retention.
There are multiple
sections of the document where all this relates and we should have some
explanation of the
relationship and issues at play for public versus private institutions and
other gotchas or
cautions. We could do this on our conference calls (which I think we would
need to have much
more often in order to achieve this work in a reasonable time frame) and
hopefully with a little
documentation of who attended the call and what was discussed on the call and
a collaborative
edit of the call minutes we could achieve what is being suggested here. Once
we tackle proofing
we could move on to other aspects of assurance - physical controls, blah blah
etc.

The real advantage of doing it this way is we don't need permission from
anyone as it is a
community activity. No real legal implications because we are just
documenting discussions
and not providing any official advice saying "do things this way". And, we
help the
community do federation better and make InCommon more useful to us all.

Now the challenge… how do we determine this is a good idea and then execute
it?

What say you? Don't be bashful, speak up!

/mrg



  • [Assurance] IAP and Documenting Community Deliberations, Michael R. Gettes, 08/03/2012

Archive powered by MHonArc 2.6.16.

Top of Page